Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Research Team Finds 50% Increase in Exposed Data in One Year
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
2.3 billion is a massive number. It’s hard even to wrap your head around; what do I have 2.3 billion of? Video games? No. Books? No. Dollars? …
Certainly not. What about files coming from various file stores on the internet? Not me, personally, but currently 2.3 billion files are being made publicly available by misconfigured and non-secured technologies used to store this data such as Amazon S3 buckets, Server Message Block (SMB), File Transfer Protocol (FTP) and rsync servers, as well as network-attached storage drives. This is an issue that Digital Shadows’ Photon Research Team initially brought to light in 2018 with our Too Much Information report, which detailed the discovery of 1.5 billion files. Well, one year and one massive data privacy regulation (GDPR) later, we’re back for the sequel: Too Much Information: The Sequel, to be exact.
Photon analyzed across all of the exposed data, determining that the United States still had the highest amount of exposure for any single country, at more than 326 million files. France and Japan lead their regions, with 151 million and 77 million files exposed, respectively.
Also keeping with the trend from last year, the SMB protocol exposed the most data among the technologies we analyzed. FTP and rsync servers claimed 20 percent and 16 percent of the exposure detected, respectively. One good piece of news is that although Amazon S3 bucket exposure for the last year had increased overall, we see a decline in exposure following the release of a new feature called “Block Public Access,” which does exactly what you would think it does. It’s a significant step in the right direction, and we hope people take notice of this.
Within Too Much Information: The Sequel, we highlight several case studies to give readers examples of the type of information exposed to the open internet, with no protection what-so-ever.
In total, we detected around 4.7 million medical-related files, some seemingly innocuous or at least not overtly sensitive, but others were patient records, doctors’ notes, and medical images like X-ray scans. Health care data is some of the most private that we have, and to expose this information without any protections is shocking.
We detected several instances of personal NAS drives openly storing things like job applications, passport scans, and asset documents, all of which contained sensitive, personally identifiable information for the individuals.
We also have yet another example of third-party exposure, with a small IT consulting firm exposing passwords for their client’s systems in plain text. We all need to be better about securing this data.
It would appear threat actors are also attempting to monetize this exposure. Within our data set, Photon detected 2 million files were encrypted by the Samba server-targeting variant “NamPoHyu,” all within the last few months alone. In total, 17 million files had been held hostage by various ransomware variants. The best practice when it comes to ransomware infections is always to keep current backups – a line we’ve heard over and over again. However, what happens if even those files get encrypted by NamPoHyu or some other variant? Securing those backups is also crucial.
We conclude the paper, like all Photon Research reports, with mitigation advice on how to solve these issues, broken down by their technologies. In summary:
Be sure to download the full Too Much Information: The Sequel report and keep an ear out for this week’s episode of ShadowTalk where we discuss the report and its findings.