VpnMentor has discovered a breached database belonging to cloud backup provider SOS Online Backup, said to contain data relating to around 135 million customer records.
The research team was able to access the breached database because it was left completely unsecured and unencrypted, described as a serious lapse in data security by an industry-leading provider.
The exposed database is said to have amounted to nearly 70GB of metadata relating to user accounts. This breach included structural, reference, descriptive and administrative metadata. The database also contained customers’ personal information, including full names, contact details and usernames.
VpnMentor discovered the breach in November 2019, and its research team analyzed it on December 9th. The team contacted SOS Online Backup the next day, and the company closed the breach in mid-December.
By exposing such a vast amount of metadata and user information, SOS Online Backup has made itself and its customers vulnerable to malicious attacks and fraud. In the report, the research team warned this database "could have been a goldmine for cybercriminals and malicious hackers, with access to cloud storage highly sought after in the online criminal underworld."
There is also the potential SOS Online Backup will face legal action from governments and regulatory bodies in the countries it operates. For instance, California, where the company is based, passed the California Consumer Privacy Act, which may come in to play as this situation develops.
How enterprises are embracing cyber security challenges
Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation
Based in the U.S., SOS Online Backup offers personal and business packages to customers around the world. The company has emphasized it is able to provide customers with 100% data privacy, safety and security across all devices. After a massive data breach like this, such a claim may no longer ring true.
