RigUp is a labor marketplace and services providerbuilt for the US energy sector, with clients across the country.
The breached database was huge, containingover 70,000 private files belonging to companies and individualsusing RigUps platform.
The leaking database represents amajor lapse in basic data security protocols for a company of this size.
Understanding a breach and its potential impact takes careful attention and time.
We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So, we need to be thorough andmake sure everything we find is correct and accurate.
Based on this, we were quickly able to confirm the company as the databases owner.
We then reached out to both RigUp and AWS to report the vulnerability, and offer our assistance.
All of this data could be used in a variety of fraudulent activities.
Hackers could also go a step further.
Many people across the USA are now facing huge uncertainty in their employmentas a result of the Coronavirus pandemic.
Millions of people have been ordered to stay at home, while businesses across the country shut down.
Furthermore, many of thesenew users will be facing economic hardship and uncertaintyin the coming months.
The consequences of a successful hack or cyberattack on such peoples' security and livelihood would be dire.
Of course, on a much bigger scale and with potentially far worse outcomes.
Theyre seen as easy targets, due to smaller cybersec budgets and fewer resources.
Doing so could cripple a company financially and put their employees jobs at risk.
The companies affected face other dangers.
Many of the files on the database related to construction and energy contracts between various parties.
Having these leaked could jeopardize a project if a third party was uncomfortable having the details publicly accessible.
As a result,RigUp may face investigation and scrutinyfrom Californias legislature, along with other concerned parties.
Amazon provides detailed instructions to AWS users to help them secure S3 buckets and keep them private.
To learn about data vulnerabilities in general,read ourcomplete guide to online privacy.
They subsequently probe each of these weaknesses for potential data leaks.
Our team was able to access this database because it was completely unsecured and unencrypted.
As ethical hackers, were obliged to inform a company when we discover flaws in their online security.
The purpose of this web mapping project is to helpmake the internet safer for all users.
Wenever sell, store, or expose any informationwe encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
[Publication date: 08.04.2020]
like, comment on how to improve this article.
