The cybersecurity crew from Digital Shadows has come to the conclusion that, compared to last year, the number of exposed files has risen by 50% and that the total number of misconfigured servers is now 2.3 billion.
Among the types of data that is frequently exposed online is the following:
– Medical data
– Credit card numbers
– Payroll information
– Patents for intellectual property
Specifically, the number of medical records exposed has doubled this year. Nowadays, 4.4 million medical files are accessible online although they have no business being publicly available. For example, there is a full name attached to an x-ray scan that can be found online, which can potentially be misused for the purposes of identity theft or harassment.
In the process, the cybersecurity researchers also stumbled upon 212,000 files on the server belonging to a UK-based IT consultancy company. Some of them had full usernames and passwords written in them.
Overall, the US is the worst offender in terms of the total amount of data exposed, followed by France and Japan.
On the bright side, things seem to be improving. Last year, 16 million files were found to be originating from S3 buckets. Since then, Amazon has stepped up their game and introduced a Block Public Access feature which helped improve the situation dramatically.
According to the researchers, GDPR has played a pivotal role in reducing exposure, particularly in The Netherlands and Luxembourg.