Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

April 1, 2020

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database, containing more than 135 million records. The database, claims vpnMentor, belongs to Cloud backup provider SOS Online Backup.

Based in the U.S., SOS Online Backup is a secure cloud-based backup provider, offering personal and business packages to customers around the world. They have 12 data centers around the world in the US, Canada, Australia, United Kingdom, India, Ukraine, and South Africa.

The team discovered the database in November 2019, analyzed the database on December 9th, and contacted SOS Online Backup the next day. While they didn’t receive a reply from the company, the breach was closed around December 19th, 2019.

The exposed database contained more than 135 million records, totaling almost 70GB of metadata related to user accounts on SOS Online Backup. This included structural, reference, descriptive, and administrative metadata covering many aspects of SOS Online Backup’s cloud services. Aside from metadata relating to SOS Online Backup, the database also contained personally identifiable information (PII) data of their customers. This included:

Full Name
Email address
Phone number
Internal company details (corporate customers)
Account usernames

Due to the size of the database, there’s potential it affected SOS Online Backup users around the world, impacting their entire user base, notes the vpnMentor team.

By exposing so much metadata and user PII, SOS Online Backup has made itself and its customers vulnerable to a wide range of attacks and fraud, warns the research team, as this database "could have been a goldmine for cybercriminals and malicious hackers, with access to cloud storage highly sought after in the online criminal underworld."

Finally, says the research team, there is also the potential for legal action from governments and regulatory bodies within countries that SOS Online Backup operates. California, where the company is based, recently passed the California Consumer Privacy Act (CCPA). "This is just one example of new government legislation tackling consumer data privacy and breaches in data security by private companies. If SOS Online Backup was found to be leaking the data of EU citizens, they would also fall within the jurisdiction of the bloc’s GDRP rules. Each of these eventualities would further damage SOS Online Backup’s reputation, market share, and revenue," adds the research team.

For the full report, visit vpnMentor's blog.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Organizations rely on application innovation, particularly API-driven applications, to fuel their business transformation and growth. Attackers know this and are constantly looking for ways to find the unfindable and break the unbreakable. They’ve got tools, motivation, and time on their side.

Poll

Comparison Metrics

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

Related Articles

Related Products

Related Events

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.