Data Exposure: How do you avoid it?
The first major data leak of 2019 has occurred. VOIPo, a Voice-Over-IP service provider based in California, accidentally publicized its databases, leading to almost 7 million VOIP call logs, message logs, and other sensitive information being leaked. The leak was discovered by Cloudfare security researcher Justin Paine, who found out that VOIPo’s data was available on the search engine Shodan. Shodan is a platform like Google or Bing that indexes webpages, but it also does so for other devices such as smart TVs.
This is the second VOIP data leak event within the last 6 months. In November of 2018, Voxox, another VOIP service provider, similarly left their databases accessible to the public.
What is Data Exposure?
With many organizations moving to network-based and cloud-based data storage, data leakage is now a more relevant problem than ever before. Because sensitive data is kept on the internet, it is easily accessible by virtually anybody if a mistake is made in password protection. Often, data exposure is the result of an accidental error in configuration. For instance, in the case of VOIPo, it could have been a mistake as simple as setting the data to public instead of private in a settings menu. With search engines such as Shodan that index everything from webpages to webcams, any address that is not protected instantly becomes identifiable and accessible by anyone with an internet connection.
How do you prevent Data Exposure?
One of the easiest and quickest ways of securing your databases is by using 2 factor authentication. This is an extra step of security that involves connecting a device or secondary email to your login process, so that whenever an unfamiliar device logs they will also require access to your device to enter your account. This ensure that even if an individual has your login credentials, they will still be unable to access your data.
It is also essential to constantly monitor account activity. A sudden increase in activity may indicate that your data has been accidentally exposed to the public.
Don’t fall victim to data exposure. Contact us at 888 366 4443 for more information on our IT security services!