PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Private calls between prisoners and their attorneys were leaked from an unprotected server

PaymentsJournal by PaymentsJournal
October 15, 2020
in Press Releases, Recent News, Security
0
Private calls between prisoners and their attorneys were leaked from an unprotected server
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

Researchers warn: there are nearly 10,000 exposed databases that could potentially leak sensitive information

14 October 2020. A prison video visitation service leaked thousands of calls between inmates and their attorneys, according to a recent report by TechCrunch. The data leaked from an unprotected server.

Bob Diachenko, a security researcher, has commented that “a dashboard for one of its databases was left exposed to the internet without a password, allowing anyone to read, browse and search the call logs and transcriptions of calls between inmates and their friends and family members.” The same database also contained transcripts of calls between inmates and their attorneys, which were supposed to be protected by attorney-client privilege.

Such incidents, when companies leave their databases exposed, are not that unusual. According to the study by NordPass, researchers identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers.

The databases were found across 20 different countries, with China being at the top of the list — the country had nearly 4,000 exposed databases. This means that potentially more than 2.6 billion users could have had their accounts breached.

The United States comes second, with nearly 3,000 unsecured databases and almost 2.3 billion entries made available online.

India was third, with 520 unsecured databases and 4,878,723 entries.

The essentials of database security

Data security and protection should be a top priority. “Every company, entity, or developer should make sure they never leave any database exposed, as this is obviously a huge threat to user data,” says Chad Hammond.

When asked to highlight the main points of database security, the expert emphasized:

“Proper protection should include data encryption at rest, wire (in motion) data encryption, identity management, and vulnerability management.

Data can be exposed to risks both in transit and at rest and therefore requires protection in both states. While there are several different approaches, encryption plays a major role in data protection and is a popular tool for securing data both in transit and at rest.

Nevertheless, all data should be encrypted using trusted and robust algorithms instead of custom or random methods. It’s also important to select appropriate key lengths to protect your system from attacks.

Identity management is another important step and should be used to ensure that only the relevant people in an enterprise have access to technological resources.

Finally, every company should have a local security team responsible for vulnerability management and able to detect any vulnerabilities early on,” says Chad Hammond.

As for the users, the security expert yet again draws attention to the importance of a strong password. “The fact that we have more than 10 billion passwords up for grabs should only encourage people to think of strong, lengthy passwords. If your password is “12345”, no firewall in the world will protect your data. Your password shouldn’t be a dictionary word either — an average person uses only about 20,000-30,000 words, so chances are that all of them are already among those 10 billion,” says the NordPass security expert.

Methodology: NordPass partnered up with a white hat hacker, who scanned elasticsearch and mongoDB libraries, looking for exposed, unprotected databases. Once found, he logged into those public databases and checked what kind of data could be found there. The white hat hacker has shared with NordPass how many exposed databases and entries he had found. The hacker requested to stay anonymous. Time frame: June 2019 to June 2020.

ABOUT NORDPASS

NordPass is a password manager powered by the latest technology for the utmost security.  Developed with affordability, simplicity, and ease-of-use in mind, NordPass allows users to access passwords securely on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app trusted by more than 14 million customers worldwide. For more information: nordpass.com.

Tags: CybersecurityData BreachNordPassPress Release
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    open-banking Data-Sharing as a Solution to Cash Flow Issues standa

    Disjointed Open-Banking System in U.S. Leaves Opening for Permissioned Data Providers

    September 29, 2023
    FedNow

    FedNow Could Mean a Renaissance for Smaller Financial Institutions

    September 28, 2023
    Best Merchant Practices for Dealing with Supply Chain Disruption

    Nearly Half of Merchant Data is Probably Wrong. Here’s Why it Matters.

    September 27, 2023
    Mitigation of P2P Fraud Begins with Education

    Mitigation of P2P Fraud Begins with Education

    September 26, 2023
    digital payments

    Mass A2A Payment Adoption in The U.S. Contingent on Compelling USP

    September 25, 2023
    cashless payments mobile

    The Synergy Between Cashless Payments and Seamless Mobile Coverage

    September 22, 2023
    The Power of AI and How its Transforming the Financial Landscape

    The Power of AI and How It’s Transforming the Financial Landscape

    September 21, 2023
    “You’re a Fintech, I’m a Legacy Bank – How Can We Collaborate?”

    Investing in Fintech: Opportunities and Challenges in the Payments Industry

    September 20, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result