Cloud Data Management Specialist Rubrik Leaks Massive Database of Client Data

Companies that talk about getting serious on security really need to start “walking the talk”. It’s quite ironic that we’ve had a number of major security issues or privacy breaches such as the Airbus data breach and Apple’s FaceTime bug so close to Data Privacy Day. And these aren’t just small companies we’re talking about, but giants within their respective industries.

Within the same week, Rubrik, the cloud and data management giant, was hit with a massive data leak which has exposed the data (going back to October 2018) of all of the company’s corporate clients, including their names, contact information, support requests as well as setup and configuration details.

The leak is believed to have been caused by a misconfigured AWS Elasticsearch server, which held a database containing tens of gigabytes of data. Rubrik failed to follow its own security procedure, which resulted in the data repository defaulting to a lower security access level. Since the server in question lacked any sort of password protection, as discovered by security researcher Oliver Hough, it was accessible to anyone who knew its location.

This should come as a blow (or at the very least, a huge embarrassment) for the company that specialises in providing cloud-first backup and recovery solutions for some of the biggest enterprises and organisations in the world – especially following Rubrik’s recent announcement that it’s expanding into providing security and compliance services as well.

Rubrik has had a bit of a meteoric rise since the company was founded in 2014. Its dynamic and innovative approach to a stagnant backup and recovery market has seen it become one of the fastest-growing unicorns in Silicon Valley, and it is now valued at US$3.3 billion.

Some of Rubrik’s biggest customers include the likes of the U.S. Department of Defense and Homeland Security, Shell, Deloitte, the UK’s National Health Service as well as the Scottish government.

Since the exposed database disclosed the company’s entire roster of corporate clients, some of whom are based in the EU, Rubrik will likely land in hot water with regard to the GDPR (which could cost Rubrik up to 4% of its annual worldwide turnover).

In response, Rubrik has stated that they “rectified this issue immediately” by rolling out multiple levels of approval and security reviews to prevent such a slip-up from reoccurring. According to a Rubrik spokesperson, no one else had access to the exposed customer-owned data other than the researcher who discovered the security issue. However, no evidence was given to support this claim.

The fact that the exposed server was indexed on Shodan, a search engine that lets users locate exposed (in other words, vulnerable) Internet-connected devices, means that it could have been discovered and accessed by anyone.

Security is supposed to be a strong suit for backup and data protection companies, so such a rudimentary slip-up would surely shake a little customer and public confidence in Rubrik’s capabilities and trustworthiness in keeping sensitive customer information safe.

This incident also highlights the growing complexity of operating within today’s cloud environment. This wasn't a case of a hack or targeted cyber attack, but simply a server misconfiguration issue. If it could happen to a tech giant like Rubrik, it could happen to any of today’s cloud-enabled organisations and potentially lead to dire consequences.
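The article does not say which setting was wrong. Assuming the server was an Amazon Elasticsearch Service domain governed by a resource-based access policy, the check below (an added example, not Rubrik's or the researcher's code) flags Allow statements that admit anonymous principals without an effective source-IP restriction. The sample policies, account ID, domain name and the `make_policy` helper are constructed for illustration.

```python
# Added example: audit an Elasticsearch domain access policy for anonymous access.
# Every policy below is a constructed sample; account ID and domain name are placeholders.
ARN = "arn:aws:es:us-east-1:111122223333:domain/example-domain/*"

def make_policy(principal, condition=None):
    """Build a one-statement sample policy (hypothetical helper for this example)."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "es:*", "Resource": ARN}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

OPEN_POLICY = make_policy({"AWS": "*"})
IP_LIMITED_POLICY = make_policy("*", {"IpAddress": {"aws:SourceIp": ["192.0.2.0/24"]}})
WORLD_IP_POLICY = make_policy("*", {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}})
ROLE_POLICY = make_policy({"AWS": "arn:aws:iam::111122223333:role/example-role"})

def _as_list(value):
    # IAM policy JSON allows a single value or a list in most positions.
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for "Principal": "*" and for {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def _is_unrestricted(condition):
    """True when there is no Condition, or the source-IP allow list covers the Internet.
    Only the IpAddress / aws:SourceIp spelling shown here is inspected."""
    if not condition:
        return True
    source_ips = _as_list(condition.get("IpAddress", {}).get("aws:SourceIp", []))
    return "0.0.0.0/0" in source_ips

def find_open_statements(policy):
    """Return (statement index, actions) for each statement open to anyone."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if (stmt.get("Effect") == "Allow"
                and _is_anonymous(stmt.get("Principal"))
                and _is_unrestricted(stmt.get("Condition"))):
            findings.append((index, _as_list(stmt.get("Action", []))))
    return findings

if __name__ == "__main__":
    for name in ("OPEN_POLICY", "IP_LIMITED_POLICY", "WORLD_IP_POLICY", "ROLE_POLICY"):
        print(name, find_open_statements(globals()[name]))
```

A non-empty result means the domain endpoint answers unauthenticated requests from any address, which is the condition the article describes.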
