Data Breach Report: RigUp Exposes More Than 70,000 Private Files

April 9, 2020

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to American software company RigUp, containing more than 70,000 private files belonging to its US energy sector clients.

RigUp, founded in 2014, is a labor marketplace and services provider built for the US energy sector, with clients across the country. According to the report, since 2014, RigUp has grown to provide additional services covering many aspects of energy company operations and is now considered the largest online marketplace and labor provider in the US energy sector, and in 2019 secured $300 million of investment, based on a $1.9 billion valuation.

The breached database contained more than 70,000 private files belonging to companies and individuals using RigUp’s platform, note the researchers. Had it been discovered by malicious hackers, or leaked to the general public, warn the researchers, the impact on RigUp, its clients, and 1,000s of energy workers across the USA could have been devastating.

The exposed database was an Amazon Web Services (AWS) S3 bucket, labeled “ru”, says the report, and many of the files contained within included RigUp’s name. Based on this, the vpnMentor team was quickly able to confirm the company as the database’s owner.

The vpnMentor team commends RigUp for responding positively to their disclosure, "especially at a time when it must be experiencing considerable disruption, due to the coronavirus pandemic," write the researchers. The company took full responsibility for the leak and guaranteed a root cause analysis would be conducted.

Example of Entries in the Database

According to the researchers, the exposed S3 bucket was a live database, with more than 76,000 files exposed, amounting to more than 100GB of data, dating from July 2018 to March 2020.

It appears the database was a ‘file dump’ used by RigUp to store various kinds of files belonging to its clients, contractors, job seekers, and candidates for employment. The human resources files being leaked included:

Employee and candidate resumes
Personal photos, including some private family photos
Paperwork and IDs related to insurance policies and plans
Professional IDs
Profile photos, including US military personnel
Scans of professional certificates in different fields

These files contained considerable Personally Identifiable Information (PII) data for the people affected, including:

Full contact details: names, address, phone numbers, home addresses
Social Security information
Dates of birth
Insurance policy and tax numbers
Personal photos
Further information relating to education, professional experience, personal lives

For the more information and the full report, visit vpnMentor.com

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.