
Open Cloud Database Exposes 200 Million Americans

Experts revealed that an unauthorized party compromised more than 200 million user records hosted somewhere within the U.S. in a Google Cloud database.

Many people are now so accustomed to cloud computing that they use it multiple times per day, whether to collaborate with co-workers, log into email accounts or do other everyday tasks. The convenience is undoubtedly one of its perks. However, cloud computing security often gets overlooked.

Although cloud computing is not inherently insecure, hackers can access a tremendous amount of information after performing a single successful database infiltration. 

A Massive Hack of a Google Cloud Database

A recent event highlights just how severe the matter can become if an unauthorized party gets into a cloud-hosted database. A research team from CyberNews revealed that an unauthorized party compromised more than 200 million user records hosted somewhere within the U.S. in a Google Cloud database. 

The researchers said that, on March 3, 2020, the hacker wiped all the content, consisting of about 800 gigabytes, off the database. Moreover, the information stored there appeared as detailed user profiles. 

The information included, among other things:

  • Full names
  • Email addresses
  • Phone numbers
  • Birthdays
  • Credit ratings
  • Addresses and locations of residences and mortgaged real estate
  • Mortgages and tax records
  • Demographics of users’ children, including genders and the number of kids
  • Information about the person’s investments, interests and donations made to political campaigns, charities or religious organizations

Researchers connected that information to a primary folder on the database. They pointed out that some of the user information in it may have come from U.S. census records, noting that some of the data contained codes the U.S. Census Bureau specifically used or adopted to classify data.

CyberNews also offers a separate page that people can access to see if the hack included the seizure of their details. It requires a person to enter their email address, and CyberNews assures users it does not store information inputted into the field. 

Two Other Folders Taken, Too 

The folder with the user information comprises the primary material seized in the database. However, the compromised content encompassed two other folders, as well. The researchers determined that those did not hold personal information. One of them, though, contained emergency call logs associated with a U.S. fire department dating back to 2010. The other had a list of 74 bike-sharing stations that were once part of a transportation program and are now owned by Lyft. 

Analysts associated with CyberNews believe the lack of similarity between the information in the two other folders may mean multiple organizations used the hacked database at the same time. They cannot confirm that, however. Regarding the information in the main folder holding personal information, the research team said the structure of the content made them believe a data marketing or credit-related company owned it. 

Google Cloud Platform (GCP) is one of the major cloud providers operating in today’s marketplace. Although this is not a direct Google data breach because no evidence suggests the mega tech company owned the information, this news may make people think twice before becoming a GCP customer. 

Cloud Security Is a Topic Worthy of Discussion

The news of this recent hack opens a larger discussion of cloud security as a whole, and of how many services people use that run on this technology. For example, if a company offers a Kubernetes service, it provides a cloud-native option for running containerized applications. People can deploy it in almost any environment, including on-premises and in the cloud. Kubernetes has some security options, such as only allowing whitelisted connections or defining user permissions to dictate what an individual can or cannot do. 

A recent article in The Washington Post mentioned how cloud computing presents new opportunities to hackers. That’s because even if providers have built-in security, it’s usually only for the underlying infrastructure. The customers who use a Kubernetes service or any other option running partially or fully in the cloud must take responsibility for securing any apps and databases on top of that infrastructure. 

The unsettling thing about the hack discovered by CyberNews is that it targeted a publicly accessible database. The researchers cautioned that anyone could access it if they knew where to look. Moreover, the team that uncovered the issue was unable to find out information about the data’s owner or what happened to the content once someone cleared it off the database. 

Cloud Security Must Become a Priority

Whether a company is a Google Cloud customer, uses a Kubernetes service or relies on cloud computing in some other way, the details about this breach and others like it highlight how people cannot overlook cloud security. Falling short in this area can cause enormous and long-lasting ramifications.

About the author

Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com. To learn more about Kayla and her recent projects, visit her About Me page.


Pierluigi Paganini

(SecurityAffairs – cloud storage, data leak)
