ABC Commercial data leak, including database backups, found by Ukrainian firm

Tom Joyner
www.abc.net.au
17th Nov 2017

ABC data breach

A Ukrainian cybersecurity firm has discovered an unsecured cache of ABC Commercial files, which it says includes two years of database backups, email addresses and hashed passwords.

The files were found by cybersecurity firm Kromtech on an incorrectly configured internet service.

Kromtech first attempted to alert the ABC to the exposure on Wednesday.

Kromtech head of communications Bob Diachenko said the firm found the publicly accessible data by accident using a simple search tool.

“We used a public search engine, and this tool allows you to search for any open databases connected to the internet,” Mr Diachenko said.

“So we ran the search … and one of the links that we saw was a link to the commercial department of the ABC.”

Kromtech said the exposed data included 1,800 daily backups of an ABC Commercial database, as well as requests sent by overseas TV producers to the ABC to license its content.

The data was stored on a widely-used commercial cloud service run by internet giant Amazon, called Amazon S3.

An ABC spokesperson said the corporation was notified of “a data exposure” on November 16 and technology teams “moved to solve this issue as soon as they became aware”.

The data is no longer publicly accessible. The ABC's spokesperson was asked how long the files had been available and unsecured, but no answer was provided.

Photo: A redacted screenshot of the names, email addresses and hashed passwords of ABC employees. (Supplied: Bob Diachenko)

Mr Diachenko said anyone could have accessed the data if they knew, or could guess, the name of the folder (the S3 bucket) in which it was stored.

“It was open to the public, and what is more alarming is that not only public data was there, but also private data, which is not supposed to be under such a configuration,” he said.

“It doesn’t require any password. You just put the link into your browser and you receive access.

“If you’re a malicious person and targeting for example the ABC or any other company, you can simply try to get the most popular extensions used by administrators to … gain access.”
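What an open bucket hands back to an unauthenticated request, and a first triage of it, as an added example that is not from the article, from Kromtech or from the ABC. The bucket name, object keys and XML listing below are constructed for illustration; the document shape is the ListBucketResult that S3 returns to a plain GET on a bucket whose listing is open to everyone, which is all that "just put the link into your browser" amounts to.

```python
import re
import xml.etree.ElementTree as ET

S3_NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}

# Key patterns that turn an "open bucket" finding into a data exposure: the usual names for
# database dumps, secrets and wholesale archives. Extend the lists for your own environment.
SENSITIVE_KEYS = [
    ("database backup", re.compile(r"\.(sql|sql\.gz|dump|bak|sqlite|mdb)$", re.I)),
    ("credential/config", re.compile(r"(^|/)(\.env|id_rsa|config\.ya?ml|[^/]+\.(pem|key|p12|pfx))$", re.I)),
    ("archive", re.compile(r"\.(zip|tar|tar\.gz|tgz|7z)$", re.I)),
]

# Constructed sample of what S3 returns to "GET https://<bucket>.s3.amazonaws.com/" with no
# Authorization header when listing is open to everyone (ListObjects v1 shape).
# Bucket and key names are invented for this example.
SAMPLE_LISTING = """<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-media-licensing</Name><Prefix></Prefix><Marker></Marker>
  <MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated>
  <Contents><Key>public/logo.png</Key><LastModified>2017-10-01T02:00:00.000Z</LastModified><Size>3412</Size></Contents>
  <Contents><Key>backups/licensing-2017-11-15.sql.gz</Key><LastModified>2017-11-15T03:00:00.000Z</LastModified><Size>83218840</Size></Contents>
  <Contents><Key>backups/licensing-2017-11-16.sql.gz</Key><LastModified>2017-11-16T03:00:00.000Z</LastModified><Size>83301122</Size></Contents>
  <Contents><Key>app/.env</Key><LastModified>2017-09-12T11:20:00.000Z</LastModified><Size>512</Size></Contents>
  <Contents><Key>requests/producer-licence-request-0412.pdf</Key><LastModified>2017-11-10T08:05:00.000Z</LastModified><Size>20480</Size></Contents>
</ListBucketResult>
"""


def parse_listing(xml_text):
    """Parse a ListBucketResult into the bucket name, the truncation flag and a list of
    (key, size, last_modified) tuples. The S3 namespace must be given explicitly."""
    root = ET.fromstring(xml_text)
    objects = []
    for node in root.findall("s3:Contents", S3_NS):
        objects.append((
            node.findtext("s3:Key", default="", namespaces=S3_NS),
            int(node.findtext("s3:Size", default="0", namespaces=S3_NS)),
            node.findtext("s3:LastModified", default="", namespaces=S3_NS),
        ))
    return {
        "bucket": root.findtext("s3:Name", default="", namespaces=S3_NS),
        "truncated": root.findtext("s3:IsTruncated", default="false", namespaces=S3_NS) == "true",
        "objects": objects,
    }


def classify_key(key):
    """Return the sensitivity label for a key, or None if nothing in the name stands out."""
    for label, pattern in SENSITIVE_KEYS:
        if pattern.search(key):
            return label
    return None


def next_marker(listing):
    """If the listing was cut at MaxKeys, the last key is the Marker for the next page.
    A scan that stops at the first page under-counts what is exposed."""
    if listing["truncated"] and listing["objects"]:
        return listing["objects"][-1][0]
    return None


def triage(xml_text):
    """Summarise one page of an open listing: how many objects, which ones look sensitive,
    and whether there are more pages to fetch."""
    listing = parse_listing(xml_text)
    flagged = [(key, classify_key(key), size)
               for key, size, _ in listing["objects"] if classify_key(key)]
    return {
        "bucket": listing["bucket"],
        "total_objects": len(listing["objects"]),
        "flagged": flagged,
        "more_pages": listing["truncated"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print(f"bucket {result['bucket']}: {result['total_objects']} objects, "
          f"{len(result['flagged'])} flagged, more pages: {result['more_pages']}")
    for key, label, size in result["flagged"]:
        print(f"  {label:18} {size:>10}  {key}")
```

The listing alone is the finding: no credentials were needed to obtain it, and a daily-backup naming pattern like the one above is what lets an observer count "1,800 daily backups" without downloading any of them. The same parser works on any region's virtual-hosted or path-style bucket URL, since the response document is the same.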

Data leak doesn’t surprise security expert

Breaches of personal data held by corporations or government are increasingly common, and recent laws introduced in Australia compel certain organisations to report them.

According to a 2017 Australian Cyber Security Centre threat report, criminals can use personally identifiable information to “facilitate financial crimes and identity theft”.

“Basic information, such as name, birth date and address, is often enough for criminals to impersonate victims,” the report reads.

The report also warns of inadvertent data exposure via Amazon S3, which is what happened to ABC Commercial.

“Data exposed has included customer names, credentials for internal systems, and network diagrams,” a case study reports.

Screenshot of ABC data found by Ukraine-based Bob Diachenko.

Troy Hunt, a security researcher who tracks online data breaches, said he was not surprised by news of the ABC breach.

“A lot of the value proposition of the cloud, a lot of the attraction is that it is very cost-effective, it is very easy to access and stand up services,” Mr Hunt said.

“That makes it fantastic for doing good things with, but all of those attributes also make it extremely easy to make one little mistake.

“[This kind of data breach] is not unusual, and the reality of it is the ABC just joins a great big long list of organisations that have done precisely the same thing.”

A spokesperson for the Office of the Australian Information Commissioner said the agency is not investigating the incident.

“This incident is a reminder of how important it is for organisations who use web services like Amazon S3 to check that their security settings are properly configured,” the spokesperson said.
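A check of the kind the OAIC is recommending, as an added example that is not from the article or from any organisation it names: evaluate a bucket's policy and ACL for grants to everyone, with the weak configuration beside a hardened one. The bucket name, IAM role ARN and canonical-user IDs are invented; the policy and ACL structures follow the shapes AWS uses (the ACL dict is what boto3's get_bucket_acl() returns).

```python
import fnmatch
import json

# Canned group URIs that S3 ACLs use for "everyone" and "any signed-in AWS user".
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone, no credentials needed",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}
# The two actions that matter for a leak: listing keys, and fetching the objects.
READ_ACTIONS = ("s3:ListBucket", "s3:GetObject")


def _as_list(value):
    """IAM lets most policy fields be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for the two spellings of 'everyone': "*" and {"AWS": "*"} (or {"AWS": ["*"]})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _matches(pattern, action):
    """IAM action matching: case-insensitive, with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def policy_public_grants(policy):
    """Return the READ_ACTIONS an unconditional statement grants to everyone.

    A statement with a Condition (aws:SourceIp, aws:SourceVpce, ...) is skipped: it narrows
    the grant and needs human review rather than an automatic verdict. An unconditional
    public Deny cancels a matching Allow, as it does in IAM evaluation.
    """
    allowed, denied = set(), set()
    for statement in _as_list(policy.get("Statement")):
        if not _principal_is_public(statement.get("Principal")) or statement.get("Condition"):
            continue
        target = allowed if statement.get("Effect") == "Allow" else denied
        for pattern in _as_list(statement.get("Action")):
            target.update(a for a in READ_ACTIONS if _matches(pattern, a))
    return allowed - denied


def acl_public_grants(acl):
    """Return (permission, audience) for every ACL grant to a public group."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            found.append((grant.get("Permission"), PUBLIC_ACL_GROUPS[grantee["URI"]]))
    return found


def assess_bucket(policy, acl):
    """Combine policy and ACL into the two questions that decide a leak."""
    grants = policy_public_grants(policy)
    acl_grants = acl_public_grants(acl)
    # Bucket-level READ in an ACL is the right to list keys; FULL_CONTROL includes it.
    acl_listable = any(p in ("READ", "FULL_CONTROL") for p, _ in acl_grants)
    findings = [f"policy grants {a} to everyone" for a in sorted(grants)]
    findings += [f"ACL grants {p} to {who}" for p, who in acl_grants]
    return {
        "listable_by_anyone": "s3:ListBucket" in grants or acl_listable,
        "objects_readable_by_anyone": "s3:GetObject" in grants,
        "findings": findings,
    }


BUCKET = "example-media-licensing"  # invented bucket name for this example
OWNER = {"Type": "CanonicalUser", "ID": "owner-canonical-id"}  # invented ID

# Weak: everyone may list the bucket and fetch any object, via policy and via ACL.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}
WEAK_ACL = {"Owner": {"ID": OWNER["ID"]}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}

# Hardened: same bucket, access limited to one IAM role (ARN invented), owner-only ACL.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/licensing-backup-writer"},
    "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}
HARDENED_ACL = {"Owner": {"ID": OWNER["ID"]}, "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}

if __name__ == "__main__":
    for name, policy, acl in (("weak", WEAK_POLICY, WEAK_ACL), ("hardened", HARDENED_POLICY, HARDENED_ACL)):
        print(name, json.dumps(assess_bucket(policy, acl), indent=2))
```

Run against every bucket in the account (boto3's get_bucket_policy() and get_bucket_acl() give the two inputs) and treat any non-empty findings list as an incident, not a warning. A statement with a Condition is deliberately left for a human, because it may be safe (a VPC endpoint condition) or may not (a broad IP range). AWS has since added Block Public Access settings at bucket and account level that override both policy and ACL grants; turning those on is the simplest way to make this class of mistake impossible.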


Posted on November 21, 2017, in ConspiracyOz Posts.
