
What the CVS database leak teaches us about

Last month, CVS made headlines after a misconfigured cloud database left over 1 billion records exposed. Discovered by independent cybersecurity researcher Jeremiah Fowler months earlier, the records were accessible via a non-password-protected database hosted by a third-party provider. CVS attributed the leak to human error and acted swiftly to secure the database the day the issue was reported.

The records consisted of visitor and session IDs, device information, and event data. Some email addresses were also discovered, though CVS claims they were not customer account records and were entered into the search bar by visitors who mistakenly thought it was the account login field.

Fowler noted that it could have been possible to match a user’s session ID with what they searched for or added to the shopping cart during that session, and then try to identify the customer using the exposed emails, though there’s no evidence that a malicious actor did this successfully.

  • Published: 12-09-2021

  • Related Category: Data Security

  • Type of Content: Articles

  • Owner: TrustedSite


This incident is a great reminder that security practitioners are not only responsible for securing assets created in-house, but also those that are created and managed outside of the organization. Though the third party was responsible for the misconfiguration error in this case, theirs isn’t the name that was tarnished. In fact, the third-party vendor remains anonymous. In headline after headline, CVS is taking the blame.

So, what lessons can we take away here? Well, most obviously, ensure that all your assets are properly secured with passwords and authentication mechanisms. That may or may not be an easy task, depending upon the number of internet-facing assets within your organization.

Unless you’re actively practicing attack surface management, you may not have a clear picture of what your perimeter looks like and the security status of individual assets. So if you haven’t already implemented a tool to continuously detect assets on your attack surface and monitor them for issues, now is the time to do so.
