Dutch Hacker Reportedly Stole Data About Austria’s 9 Million Citizens by Using a Search Engine to Access a Misconfigured Cloud Database

[Peter_Brosdahl]

Die Presse has reported that the Dutch hacker was able to obtain the data due to a glitch while a contracted Viennese IT company performed maintenance on the GIS database. It is believed that an employee accidentally left the database unprotected and accessible to the internet for about a week before it was discovered.

See full article...

 

[MadMummy76]

OMG, very misleading title. They didn't stole from 9 million people, they downloaded unspecified details of registered users from a government database and then resold that as lists. They don't say what personal details were actually accessible.

Also LOL at the company waving their ISO certification as proof of anything. That's the most worthless piece of burocratic toilet paper if there ever was one.

 

[Grimlakin]

All the certifications in the world don't matter if one of your steps to work on something is to EXPOSE IT FO THE FREAKIG INTERNET no matter for what length of time. What kind of idiot security team was overseeing this? How could this actually happen without ANYONE catching that they were opening up their Metadata to the internet at large even for a minute?

If someone didn't his without peer review or oversize they need to be fired and sued. If someone did this with peer review and oversize they need to be fired.

You NEVER expose internal data to the ENTIRE INTERNET for any length of time... EVER.

 

[Peter_Brosdahl]

OMG, very misleading title

Yeah, sorry about that. I was running with a theme from the source site and I had made changes to the search description blurb but forgot to get back to the title. I just changed it.

 

[MadMummy76]

You NEVER expose internal data to the ENTIRE INTERNET for any length of time... EVER.

You never worked with stingy companies. They don't want to spend on experts. "Friedrich from accounting knows a thing or two about databases, have him work on it..."

Many government contractors work with unfiltered lists containing tons of personal data. You might as well assume it is public domain.

Yeah, sorry about that. I was running with a theme from the source site and I had made changes to the search description blurb but forgot to get back to the title. I just changed it.

It's nothing, I was blaming the source, not you.

 

[Brian_B]

You never worked with stingy companies. They don't want to spend on experts. "Friedrich from accounting knows a thing or two about XYZ, have him work on it..."

This is the story of my entire career right here.