The Cloud. To many, it’s a mysterious-sounding name for a complex ‘computer thing’. To others, it’s a convenient way to sync devices and share files with friends. But for cybercriminals, it’s a treasure chest of sensitive information just waiting to be plundered.
A few months ago, a movie starring Cameron Diaz and Jason Segel titled ‘Sex Tape’ was released, telling the comedic story of a couple whose sex tape was accidentally synced to the Cloud and subsequently distributed over the internet.
Life occasionally imitates art, as last Sunday evening a huge leak of celebrity nude photos was posted on the imageboard site 4chan, with many reports indicating that Apple’s iCloud service had been breached to procure the images.
However, a more recent report seems to indicate otherwise. It appears that hackers simply wrote a script to brute-force celebrities’ accounts with the top 500 most common passwords approved by Apple. Once the hackers gained access, they had full viewing rights to all of the celebrities’ private data they had synced onto the cloud, including the intimate photos now circulating the web.
The problem with new technologies like the Cloud is how convenient and easy-to-use it seems, so much so that few people take a step back to worry about the possible issues or repercussions of using a storage platform that can be accessed from the public internet. Take these tweets from Mary Elizabeth Winstead, one of the celebrities who had her private photos posted in the recent leak:
While our hearts go out to Ms. Winstead, the impression we have from her tweets is that she was unaware that images deleted on her camera-equipped device had been synced to the Cloud, and hence were still floating about the internet. And judging by the fact that over 20 other celebrities including the likes of Jennifer Lawrence and Kate Upton are now facing the same predicament, it’s pretty clear that she isn’t the only one who was previously oblivious to the potential dangers of using public Cloud storage providers.
Whilst embarrassing to the celebrities affected, what would be of greater concern is the same hackers using this attack to steal sensitive customer data from the millions of businesses currently syncing all their business and customer data to the Cloud.
Today’s business cloud providers offer background synchronization features that automatically copy the contents of your ‘My Documents’ and other folders. The synchronized data then becomes available via a Cloud storage folder that is publicly accessible from the internet and protected only with an email address and password. Often, businesses are not aware of exactly how much sensitive data is being synchronized automatically, putting them at an even greater risk.
The lesson for any size business is simple: Understand your cloud usage and take steps to validate you’re not inadvertently synchronizing sensitive customer data to these providers. If your data gets breached, you stand to lose more than just your modesty; you may be compromising sensitive data of not only you and your employees but your customers as well. A breach could mean spending large sums of money on remediation fees, in addition to a loss of trust from your valued customers.
Identifying this problem is easier than you think. Ground Labs’ products are designed to search for more than 95 types of sensitive data that may be stored in your corporate storage repositories, including local sync folders and remote cloud providers. If any sensitive data is found, remediation options can be used to help protect the information against the threat of a data breach.