This week there have been two data incidents of interest. The first being 50 million Instagram users had their data exposed on an Amazon database that did not require a password (BBC). The other being HCL, in which their HR portal housed unhashed passwords as well as names and usernames of 54 people that did not require authentication to see. In addition to employee information there was also customer information that was publicly available. The data exposure was discovered by UpGuard who had this to say, “A large services provider like HCL necessarily manages lots of data, personnel, and projects. That management complexity writ large is the root cause of data leaks in general. In this case, pages that appeared like they should require user authentication instead were accessible to anonymous users.”
Data Protection Through Authentication
Published
cybersqueeze 