Cybersecurity researchers discovered an unprotected Microsoft Azure Blob storage containing millions of files with personal and login details belonging to Internet Society (ISOC) members. The exposed information contained included names, addresses, social media account information, passwords and more.
As reported by cybersecurity researcher Bob Diachenko, the data leak was due to an association management system being “configured incorrectly,” leading to a Microsoft Azure Blob repository being open to the public for an undefined period of time. The cloud-based computing service had millions of JSON files that cybercriminals could have used for phishing attacks or identity fraud.
ISOC, a global non-profit organization that aims to make the internet more accessible for all and to ensure open internet development, discovered the leak on December 8, 2021. However, the issue has been resolved, with ISOC releasing a statement on the matter:
“I wanted to let you know that the active investigation into this issue has now concluded,” ISOC stated. “We have confirmed that the association management system we use was configured incorrectly by MemberNova, which made some Internet Society member data publicly accessible. Fortunately, we have not seen any instances of malicious access to member data as a result of this issue.”
ISOC added: “We notified all our members about this matter before the holidays and worked with MemberNova to correct the configuration issue and restore the system to normal operations.”
While no data has been used for malicious reasons, the leak could have led to scammers targetting ISOC members and using their email address, name or password to trick them into gaining access to financial information. Plus, with their personal details, threat actors could also impersonate ISOC members to commit fraud or identity theft in their name.
Back in October, a Twitch hack also exposed user and company data. It’s a good idea to keep your account secured with extra security precautions, and one of the best password managers and best authenticators apps can help keep your personal information private.