Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
For organizations dealing with proprietary information or assets, one of the greatest concerns is the threat of competitors getting hold of trade secrets. But what if organizations are already leaving their precious Intellectual Property (IP) publicly exposed, within easy reach of attackers?
Our latest research report, “Too Much Information”, highlights the sheer scale of this occurrence. The reality is that a lot of organizations are giving up this information freely, by unintentionally exposing IP through Amazon S3 buckets, rsync, SMB, FTP, NAS drives, and misconfigured websites.
Would you like any secret source with that?
Among the 1.5 billion files we found exposed through these services were over 95,000 examples of source code information, 900 patent applications, and 69 copyright applications.
Figure 1: Types of publicly-available intellectual property
In one instance, we detected a document containing proprietary source code that was submitted as part of a copyright application (Figure 2). The file included code that outlined the workflow and design of a site providing Electronic Medical Records, all of which was uploaded onto a publicly accessible Amazon S3 bucket.
Figure 2: Introductory page for copyright application containing source code for a company’s app
In another example, we came across an archive of patent summaries for a renewable energy technology company (Figure 3). These documents were marked as “strictly confidential” and contained a copious selection of patent applications complete with detailed labelled diagrams, patent application numbers, filing dates and patent descriptions that discussed the advantages and disadvantages of their product.
Figure 3: Redacted page from patent documents belonging to renewable energy company
Corporate espionage made easy
Of all the data organizations look to control, IP is among the most precious. Loss of IP can have a number of considerable impacts:
While organizations may worry about corporate espionage conducted through insiders, network intrusions and phishing campaigns, these findings demonstrate that there is already a large amount of sensitive data publicly available. Talk about making the competition’s job even easier.
To learn more about the other types of sensitive data that these services are exposing, download a copy of our report.
Want more Digital Shadows research? Subscribe to our threat intelligence emails here.