A recent discovery regarding the Japanese game developer, Ateam, highlights the potential consequences of improperly configured cloud storage systems. The company, known for its mobile games and content creation, accidentally exposed personal data of approximately one million individuals over a six-year period.
In November 2023, Ateam discovered that a Google Drive instance had been set to “Anyone on the internet with the link can view” since March 2017. This mistake led to the exposure of 1,369 files containing personal data of Ateam’s customers, business partners, employees, interns, and candidates. Of the affected individuals, 98.9% were customers, with a total of 935,779 people having their data exposed. Ateam Entertainment, a subsidiary of Ateam, accounted for 735,710 individuals whose data was disclosed.
The compromised information includes full names, email addresses, phone numbers, customer management numbers, and device identification numbers. While there is no evidence that intruders accessed or misused the exposed data, Ateam advises affected individuals to remain vigilant and report any suspicious communications.
This incident underscores the importance of properly securing cloud services to prevent data breaches. Improperly configured cloud storage instances, as in this case, can unintentionally make sensitive information public. Although it is unlikely for individuals to stumble upon exposed URLs themselves, the risk of malicious actors discovering and exploiting such vulnerabilities remains a concern.
It is not uncommon for researchers or criminals to find improperly configured cloud services and exploit the exposed data for personal gain. Past examples demonstrate the potential consequences when leaked or sold data is used for blackmail or other malicious activities. To address this issue, various tools have been developed to scan for exposed cloud storage instances, and organizations are encouraged to adhere to cybersecurity guidelines to effectively safeguard their cloud services.
The Ateam incident serves as a reminder that even minor configuration errors can have serious consequences. Taking appropriate measures to protect sensitive data and ensure the privacy of individuals is crucial in an increasingly digital world.
Source: [link to the original article]
The source of the article is from the blog lokale-komercyjne.pl