Gareth Corfield reports:
A business app developer’s unsecured Microsoft Azure blob left more than half a million confidential and sensitive documents belonging to its customers freely exposed to the public internet, The Register can reveal.
Information contained in the blob included occupational health assessments, insurance claim documents from US firms underwritten by Lloyds of London, and senior barristers’ private opinions about junior colleagues applying for promotion.
Read more on The Register.
Mark my words
Unsecured Azure blobs will be the misconfigured AWS buckets of 2018-2019, the misconfigured MongoDB databases of 2016, etc., the misconfigured elastic search or rsync instances, etc. etc….
Expect a million firms’ researchers and independent researchers to “discover” Azure blob leaks like this and want to grab headlines with huge numbers or reports of sensitive information.
Yes, yes, yes. It will all be true. And that’s the saddest part.