Security News > 2020 > July > Leak Exposes Private Data of Genealogy Service Users

A server containing information of users of a genealogy service has exposed the data of 60,000 users, putting them at risk for fraud, phishing and other cybercriminal activity.

The leak exposed a MacKiev server with 25 gigabytes of Ancestry user data and MacKiev Software user subscriptions, including information such as email addresses, user location, user support messages and technical data.

The reason for the leak appeared to be misconfiguration of an ElasticSearch server, once again highlighting the importance of ensuring that data stored in the cloud is secure and free from common security mistakes, experts noted.

Given how much data is now stored in the cloud, experts said the leak demonstrates that a data-centric approach to security should be a priority among other approaches that protect only the network environment or other aspects of the cloud.

"No matter how much effort and investment are poured into securing the borders of their data environment, sensitive data inevitably will wind up in the wrong hands - either through intentional intrusion and theft, unintentional distribution, or pure lack of oversight," noted Trevor Morgan, product manager at data security firm comforte AG, in an email to Threatpost.

News URL

https://threatpost.com/leak-exposes-private-data-of-genealogy-service-users/157612/