The strange case of the data breach that stayed online for a month

A couple of weeks ago Jeff* quit his job at the Singaporean branch of a major enterprise technology vendor that is, if not quite a household name, certainly known to most IT professionals. Not long afterwards he Googled his old work employee ID number and was unpleasantly surprised to see the first result was a link to a …

  1. Oliver Mayes

    "a test and development server had been exposed to the internet."

    Live customer data should never go anywhere near a test or dev box. Those boxes should also never be able to touch the outside world like this; sounds like a lot more than a single server being misconfigured to me.

    1. Aitor 1

      Agree

      The very least you can do is switch the names and surnames randomly, and also randomly change id and bank account numbers (in this case, change numbers, not switch). You should never use the real address of anyone.

      That would be as good for testing, and no risk.
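The masking approach described in the comment above, sketched in Python as an added example that is not part of the original thread. The column names and sample rows are constructed for illustration; salary is left untouched because the comment does not mention it.

```python
import csv
import io
import random

# Constructed sample rows standing in for a production HR export (not real data).
SAMPLE_CSV = """employee_id,first_name,surname,address,bank_account,salary
100234,Mei,Tan,12 Orchard Rd,0012345678,5400
100871,Ravi,Kumar,8 Bukit Timah Ave,0098765432,6100
101442,Sarah,Lim,77 Jurong West St,0055512345,4800
"""

def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def fresh_number(rng, template, taken):
    """Random digits, same length as template, not colliding with any value in taken."""
    while True:
        candidate = "".join(rng.choice("0123456789") for _ in template)
        if candidate not in taken:
            taken.add(candidate)
            return candidate

def mask_rows(rows, rng=None):
    """Return test-safe copies: names switched, numbers changed, addresses dropped."""
    # SystemRandom by default, so the mapping cannot be replayed from a known seed.
    rng = rng or random.SystemRandom()
    first = [r["first_name"] for r in rows]
    last = [r["surname"] for r in rows]
    rng.shuffle(first)  # shuffled independently, so name/surname pairs are broken up
    rng.shuffle(last)
    # Seed the "taken" sets with the real values so no real number is ever reissued.
    taken_ids = {r["employee_id"] for r in rows}
    taken_accounts = {r["bank_account"] for r in rows}
    masked = []
    for row, f, s in zip(rows, first, last):
        masked.append(dict(
            row,
            first_name=f,
            surname=s,
            employee_id=fresh_number(rng, row["employee_id"], taken_ids),
            bank_account=fresh_number(rng, row["bank_account"], taken_accounts),
            address="REDACTED",  # never carry a real address into test data
        ))
    return masked

if __name__ == "__main__":
    for row in mask_rows(load(SAMPLE_CSV)):
        print(row)
```

Switched names are still real names from the source set, so on a small table the output can still identify the people in it.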

  2. Wolfclaw

    Surprised he didn't email a copy of the spreadsheet to his ex-colleagues and wait for the shit storm to hit the company over its pay structure.

    1. Cuddles

      "Surprised he didn't email a copy of the spreadsheet to his ex-colleagues and wait for the shit storm to hit the company over its pay structure."

      Indeed. Personal data being exposed on the internet hardly counts as news these days; you need at least a few billion records involved for anyone to take any notice at all. A large multinational company having huge disparity in pay based on gender and nationality is... OK, that's not really news either. But yeah, I guess at least the people involved would appreciate knowing about it.

  3. AustinTX
    Holmes

    Ransomware which sets up LAMP servers?

    I can't fathom how spreadsheets from someone's workstation drive ended up in a public-accessible web folder on a server. Unless the company used a central server and web interfaces for its document storage? Or perhaps the visible documents were placed there by extortionists to prove that they'd hacked their network and were rummaging around... ?

    1. Anonymous Coward

      Re: Ransomware which sets up LAMP servers?

      You'd be surprised. If you're using Google cloud it's surprisingly easy to publish to the world and his dog rather than your company's bit of the cloud.........

    2. Anonymous Coward

      Re: Ransomware which sets up LAMP servers?

      Well, that's what happens when you use Vista as an IIS test server....

  4. DontFeedTheTrolls
    Terminator

    Wayback

    Google is not the only entity that caches what is out there and makes it available to anyone ...

  5. adam payne

    The multinational company declined to name the source of the breach, told us staff were confident the breach wasn't its fault and hinted that a third party was to blame.

    So you wash your hands of the problem by saying not us, fantastic attitude to have.

    The data was given to you and the third party acts on your behalf so it is your responsibility.

    the Singaporean service provider told us the cause was a ransomware infection that reset the server's security configuration. During the effort to repair the server, staff realised it was now in an insecure state, fixed that and tried to ensure the data was not accessible from the public Web.

    A ransomware infection on a server and you left that server connected to the internet while removing the infection. Then left it on the internet while you secured it again?!? WOW seriously?

    1. netminder

      Not making the situation worse is OK in my book. There is no reason to give specific information when doing so increases the likelihood of further harm. The people who are at risk for having their PII exposed deserve better than their company gave them & there is no need for Reg to make things worse.

      Name and shame the company after the data has been secured.

  6. Doctor Syntax Silver badge

    "Nor have we used the names of the companies involved"

    So he didn't find it on Google? Maybe it was Bing.

  7. Florida1920
    Alert

    Appropriate punishment

    Don't they still cane people in Singapore?

  8. G2
    Facepalm

    ElReg cache flush

    "We therefore asked Google if it offers service levels for requests to flush its cache. The company told us it wouldn't comment on an individual case [...] Neither really explains how it would respond to a request to remove data from its cache."

    well, D'OH... you basically asked if water is wet.

    https://www.google.com/webmasters/tools/

    go to the link where they told you to go, you have to verify ownership of the site and then you can dig in settings to flush cache and pretty much nuke everything related to that site's presence on Google.

    Bing and the other major search engines have similar options, so it's a bit of a whack-a-mole to do that with various search engine caches.

    The site owner can also add a robots.txt to the website with:

    User-agent: *
    Disallow: /

  9. Anonymous Coward
    Thumb Up

    On a Wednesday?

    This story has something of a whiff of one of Reg's Friday columns, starting from "Jeff" (nice way to anonymise Geoff). Are you angling for another regular-anecdote slot?
