French news site L’Express exposed reader data online, failed to promptly secure it when notified
Zack Whittaker and Rayna Stamboliyska report on a data leak where it sounds like the researcher who uncovered the leak took more diligent steps to secure the data than the entity did. Here’s a bit from ZDNet’s report, but do read the whole thing. I’ve changed their headline, which emphasized GDPR, to my own perception of the incident.
French weekly news magazine L’Express left a server containing a database of its readers exposed online for weeks without a password.
Even after the Paris-based magazine was warned of the exposure, the database wasn’t secured for another month, leaving its contents accessible and downloadable by anyone, including hackers that made several attempts to ransom the data.
Mickey Dimov, a Florida resident and recent high school graduate who now works in security operations for a major defense contractor, told ZDNet that he found the database by chance. At about 60 gigabytes in size, the database was packed with data on over 693,000 readers, and other information critical to the magazine’s online operations.
Read more on ZDNet.