Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

April 1, 2020

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database, containing more than 135 million records. The database, claims vpnMentor, belongs to Cloud backup provider SOS Online Backup.

Based in the U.S., SOS Online Backup is a secure cloud-based backup provider, offering personal and business packages to customers around the world. They have 12 data centers around the world in the US, Canada, Australia, United Kingdom, India, Ukraine, and South Africa.

The team discovered the database in November 2019, analyzed the database on December 9th, and contacted SOS Online Backup the next day. While they didn’t receive a reply from the company, the breach was closed around December 19th, 2019.

The exposed database contained more than 135 million records, totaling almost 70GB of metadata related to user accounts on SOS Online Backup. This included structural, reference, descriptive, and administrative metadata covering many aspects of SOS Online Backup’s cloud services. Aside from metadata relating to SOS Online Backup, the database also contained personally identifiable information (PII) data of their customers. This included:

Full Name
Email address
Phone number
Internal company details (corporate customers)
Account usernames

Due to the size of the database, there’s potential it affected SOS Online Backup users around the world, impacting their entire user base, notes the vpnMentor team.

By exposing so much metadata and user PII, SOS Online Backup has made itself and its customers vulnerable to a wide range of attacks and fraud, warns the research team, as this database "could have been a goldmine for cybercriminals and malicious hackers, with access to cloud storage highly sought after in the online criminal underworld."

Finally, says the research team, there is also the potential for legal action from governments and regulatory bodies within countries that SOS Online Backup operates. California, where the company is based, recently passed the California Consumer Privacy Act (CCPA). "This is just one example of new government legislation tackling consumer data privacy and breaches in data security by private companies. If SOS Online Backup was found to be leaking the data of EU citizens, they would also fall within the jurisdiction of the bloc’s GDRP rules. Each of these eventualities would further damage SOS Online Backup’s reputation, market share, and revenue," adds the research team.

For the full report, visit vpnMentor's blog.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 December

This month, Security magazine brings you the 2020 Guarding Report - a look at the ebbs and flows security officers and guarding companies have weathered in 2020, including protests, riots, the election, a pandemic and much more. Industry experts discuss access management and security challenges during COVID-19, GSOC complacency, the cybersecurity gap, end-of-year security career reflections and more!

View More Create Account

Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

Related Articles

Related Products

Related Events

Report Abusive Comment