get2Clouds

Cloud Hacks of 2017

2017-09-06
Take back your cloud with get2Clouds(R)!

Clouds are hacked and sensitive information is leaked far more often than it should. Therefore we’d like to keep you updated on some of the bigger cloud security breaches of this year and we've started a list that will be updated whenever a new hack is exposed. After reading, be sure to take back your own cloud with get2Clouds®! Because although you might think your information isn’t worth anything to others, you could be sorely mistaken. Better encrypted than sorry!

July
14 million Verizon customers’ details exposed
Left unprotected on an Amazon S3 cloud server, phone numbers, names and pin codes of millions of Verizon customers who had called the phone company were fully downloadable and configured to allow public access. The server was owned by NICE systems, an Israel-based vendor for Verizon. The server has since been fixed and the data is secure once again.

April
HipChat’s encrypted database hacked
Workplace chat platform and teamwork tool HipChat faced a security breach in April that is said to have affected their company’s cloud web tier. Account names, email addresses and hashed passwords were accessed. No evidence of other breaches in Atlassian’s (HipChat’s mother company) systems or products was found. In response, Hipchat invalidated the passwords of all possibly affected accounts en told users how to reset them and rolled out an update with a patch.

February
Cloudflare's ‘Cloudbleed’
A bug in Cloudflare’s software, that is used by millions of companies including big names like Uber, Fitbit and OKCupid, meant that unhashed and plaintext information was randomly leaked all over the internet. The bug was discovered in February 2017, but could’ve already started leaking the potentially sensitive information in September 2016. It’s not clear how much personal information and what in particular was leaked, and the exposed data wasn’t on any well-known sites, but any snippet of information could’ve been compromised. Thus, the incident has since then been named ‘Cloudbleed’. Cloudflare pushed a fix within an hour after learning about the bug and a permanent patch within seven hours, but it’s still hard to track down and clean up all the leaked data.