Join today and have your say! It’s FREE!

Become a member today, It's free!

We will not release or resell your information to third parties without your permission.
Please Try Again
{{ error }}
By providing my email, I consent to receiving investment related electronic messages from Stockhouse.

or

Sign In

Please Try Again
{{ error }}
Password Hint : {{passwordHint}}
Forgot Password?

or

Please Try Again {{ error }}

Send my password

SUCCESS
An email was sent with password retrieval instructions. Please go to the link in the email message to retrieve your password.

Become a member today, It's free!

We will not release or resell your information to third parties without your permission.
Quote  |  Bullboard  |  News  |  Opinion  |  Profile  |  Peers  |  Filings  |  Financials  |  Options  |  Price History  |  Ratios  |  Ownership  |  Insiders  |  Valuation

Bullboard - Stock Discussion Forum Data Deposit Box Inc DDBXF

Data Deposit Box Inc develops and operates off-site computer data storage facilities and other business computer applications for commercial business customers in Canada. It offers continuous cloud backup; mobile backup; and email archiving services.

OTCPK:DDBXF - Post Discussion

Data Deposit Box Inc > Massive data hack at DDB storage of S3 Amazon
View:
Post by auricgold on Mar 25, 2020 1:30pm

Massive data hack at DDB storage of S3 Amazon

https://www.securitymagazine.com/articles/91985-data-breach-report-cloud-storage-exposes-users-private-information

Data Breach Report: Cloud Storage Exposes 270,000 Users’ Private Information

Data Breach Report: Cloud Storage Exposes 270,000 Users’ Private Information

The Cloud Is NOT a Product
March 25, 2020
 
Order Reprints

Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team recently found a serious breach in an open Amazon S3 bucket owned by secure cloud storage provider Data Deposit Box.

The leak exposed detailed information about 270,000 private files uploaded by customers through the company’s secure cloud storage service. The database also revealed personally identifiable information (PII) of customers, which could have serious consequences for those affected.

Data Deposit Box is a public company that offers secure cloud backup storage services to individuals and small businesses. The business is based in Canada but has over 350,000 users spread across 84 countries. Data Deposit Box allows customers to continuously backup an unlimited number of devices to their accounts through the company’s app and web portal.

The research team identified Data Deposit Box as the owner of the database and reached out to the company to share their findings and provide guidance on how to resolve the issue. Once they received a reply, Data Deposit Box responded quickly to secure the data. The company assured the vpnMentor research team that they are currently working with their customers to ensure their data is safe going forward.

  • Date discovered: December 25, 2019
  • Date owners contacted: December 30, 2019
  • Date database closed: January 6, 2020

Example of Entries in the Database

More than 270,000 files were exposed in the data breach, with leaked files dating back from 2016 to the present day. The research team was able to view sensitive user account information, as well as some of the stored contents. Examples of leaked private user data include:

  • Admin login credentials, including usernames and unencrypted passwords
  • IP addresses
  • Email addresses
  • GUIDs (globally unique identifiers for resources)

Data Deposit Box leaked login credentials

They were able to view users’ login credentials in plain text. In the image above, the censored text contained unencrypted administrator usernames, passwords, and users’ local computer name and GUID.

You can see an example of an email address exposed in the breach in the code here:

Data Deposit Box leaked emails

Through the leaked database, they were also able to view some information about users’ stored files. This included each file name, type, size, the date last modified, and the file path on the user’s local disk. An example of this can be found below.

Data Deposit Box leaked file names

Data Deposit Box isn’t the only cloud storage provider impacted by this. "Whenever a serious data breach occurs, it can have consequences for the entire industry. Competitors in the cloud storage services industry may find it more challenging to convince customers to trust them. These companies may need to do more to prove to customers that their service is truly secure," says the research team. 

For the full report, visit the vpnMentor blog. 

Comment by auricgold on Mar 25, 2020 1:39pm
this was DDB mess. did they stop paying their guy? This is a liability. HOSTPAPA genius bought a company with all files hacked in it. what a joke on them. I am guessing the management knew there were laxism in security protocols.
The Market Update
{{currentVideo.title}} {{currentVideo.relativeTime}}
< Previous bulletin
Next bulletin >

At the Bell logo
A daily snapshot of everything
from market open to close.

{{currentVideo.companyName}}
{{currentVideo.intervieweeName}}{{currentVideo.intervieweeTitle}}
< Previous
Next >
Dealroom for high-potential pre-IPO opportunities