These medicinal products include patented, brand-name pharmaceuticals and generic products.
Publicly listed on the New York Stock Exchange, Pfizer generated $51.8 billion in revenue in 2019.
But rare are these times.
Most often, we need days of investigation before we understand what's at stake or who's exposing the data.
In this case, the exposed files were stored on a misconfigured Google Cloud Storage bucket.
Google Cloud Storage is different from Google Drive, providing service specifications for enterprise platforms and corporate customers.
Initially, we suspected the misconfigured bucket to be related to just one of the medication brands exposed.
However, upon further investigation, we found files and entries connected to various brands owned by Pfizer.
Eventually, our team concluded the bucket most likely belonged to the company's US Drug Safety Unit (DSU).
Once we had concluded our investigation, we reached out to Pfizer to present our findings.
It took two months, but eventually, we received a reply from the company.
This was a surprising response from one of the biggest companies in the world.
After this, they finally secured the bucket, but never replied to our messages again.
Not only is this a moral responsibility.
For example, many people were enquiring about prescription refills and other queries.
At the time of the data breach, Coronavirus was still surging across the USA.
Google offers comprehensive guidance to its users to ensure their buckets are properly secured and maintained as private.
To learn about data vulnerabilities in general, read our complete guide to online privacy.
They examine each weakness for any data being exposed.
Our team was able to access this bucket because it was completely unsecured and unencrypted.
As ethical hackers, we're obliged to inform a company when we discover flaws in their online security.
The purpose of this web mapping project is to help make the internet safer for all users.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.