Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

April 1, 2020

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database, containing more than 135 million records. The database, claims vpnMentor, belongs to Cloud backup provider SOS Online Backup.

Based in the U.S., SOS Online Backup is a secure cloud-based backup provider, offering personal and business packages to customers around the world. They have 12 data centers around the world in the US, Canada, Australia, United Kingdom, India, Ukraine, and South Africa.

The team discovered the database in November 2019, analyzed the database on December 9th, and contacted SOS Online Backup the next day. While they didn’t receive a reply from the company, the breach was closed around December 19th, 2019.

The exposed database contained more than 135 million records, totaling almost 70GB of metadata related to user accounts on SOS Online Backup. This included structural, reference, descriptive, and administrative metadata covering many aspects of SOS Online Backup’s cloud services. Aside from metadata relating to SOS Online Backup, the database also contained personally identifiable information (PII) data of their customers. This included:

Full Name
Email address
Phone number
Internal company details (corporate customers)
Account usernames

Due to the size of the database, there’s potential it affected SOS Online Backup users around the world, impacting their entire user base, notes the vpnMentor team.

By exposing so much metadata and user PII, SOS Online Backup has made itself and its customers vulnerable to a wide range of attacks and fraud, warns the research team, as this database "could have been a goldmine for cybercriminals and malicious hackers, with access to cloud storage highly sought after in the online criminal underworld."

Finally, says the research team, there is also the potential for legal action from governments and regulatory bodies within countries that SOS Online Backup operates. California, where the company is based, recently passed the California Consumer Privacy Act (CCPA). "This is just one example of new government legislation tackling consumer data privacy and breaches in data security by private companies. If SOS Online Backup was found to be leaking the data of EU citizens, they would also fall within the jurisdiction of the bloc’s GDRP rules. Each of these eventualities would further damage SOS Online Backup’s reputation, market share, and revenue," adds the research team.

For the full report, visit vpnMentor's blog.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

Related Articles

Related Products

Related Events

Report Abusive Comment