Researchers discovered an exposed database comprising more than 70,000 private files that referred to firms and individuals inside RigUp’s client of U.S energy sector workers.
Well, RigUp is a Texas-based start-up that supplies gig workers for the oil and gas sector. Before this week’s announcements came to the spotlight, it had already survived defeating off more than 100 employees due to the COVID-19 outbreak.
Luckily, RigUp replied to vpnMentor’s report immediately. If any ill-disposed attackers gained access to the delicate files, the company’s clients could have got themselves on the acquiring end of criminal attacks, covering tax and insurance scams, identity theft, and many more.
Till now, no reports of that kind have surfaced through a security violation of this scale is always disturbing and can do tremendous damage to any company, but particularly one that’s just starting to get off the ground.
Timeline of Discovery
Well, the security portal, vpnMentor stated that most often, we require a few days for research and examine before we realize what’s at the post or who’s dripping the data. Investigating a breach and its possible influence takes mindful awareness and time. Therefore, we work hard to announce right and trustworthy reports, assuring everybody who interprets them realizes their seriousness.
However, the company accepted full accountability for the exposure – a rare experience – and promised a root cause investigation would be conducted.
Data Leak Includes
The exposed S3 bucket was a live database, with over 76,000 files exposed, amounting to over 100GB of data and dating from July 2018 to March 2020. Now many of you might be thinking that what are those files and what they include? Don’t worry, as below we have mentioned everything that you want to know:-
- Representative and candidate resumes.
- Personal photos, including some private family photos.
- Paperwork and IDs associated with insurance policies and procedures.
- Professional IDs.
- Profile photos, covering US military personnel.
- Scans of professional certificates in diverse fields.
Here we have some examples mentioned below:-
A resume of a job applicant, revealing numerous PII data.
A personal family photo that is found in the database.
Motor insurance policy ID card.
A certificate from US govt.
Moreover, all these files carried essential Personally Identifiable Information (PII) data for the people influenced, including:-
- Contact details like names, addresses, phone numbers, home addresses.
- Social Security data.
- Dates of birth.
- Insurance plan and tax numbers.
- Private photos.
- Additional information regarding education and professional skills.
Data Breach Impact
Well, ensuring its database, RigUp (a billion-dollar business) negotiated the safety and protection of the 1,000s of people over the USA. However, now the question arises here that if these malicious hackers found this database, it would have been a complete goldmine for several scam plans and criminal attacks upon every one connected.
How security researchers discovered the Breach
Basically, the vpnMentor investigation team discovered the BreachBreach in RigUp’s database as a section of a large web mapping project. Their researchers simply utilized the port scanning to explore particular IP blocks and inquire about several systems for flaws or vulnerabilities. Therefore, their team was capable of obtaining this database because it was unsecured and unencrypted.
When they detect a data breach, they simply use the skillful procedures to confirm the owner of the database, usually a commercial company. Well, as ethical hackers, they’re compelled to notify a company when they detect flaws in their online safety or security.
So, what do you think about this? Simply share all your views and thoughts in the comment section below.