TechCrunch has reported that sensitive client data of a law firm were reportedly exposed online for six months in a supplier's unsecured database, often called a "cloud storage bucket".
The roughly 184,000 documents which were accessible included "private and privileged financial and legal documents, contracts, non-disclosure agreements, financial deals and files relating to high-profile acquisitions" according to the report
The law firm in question was not attacked directly and there is no suggestion that their own systems were compromised. Instead, all of this data was exposed as a result of a badly configured cloud server operated by a vendor who was contracted to create a cloud-based storage platform.
Whilst eye-opening, this is not a one-off event.
- In February of this year, the US Department of Defence secured a server which had been exposing military emails to the open internet for two weeks
- In October 2022, sensitive information for some Microsoft customers were exposed by another misconfigured server, containing work documents, project details, invoices and personally identifiable information
Automated monitoring for exposed storage
No business has complete control over the security of data in their vendor's hands. However, technologies such as Darkbeam's Supplier Cyber Risk Management platform do enable companies to check for vulnerabilities within vendors and monitor the dark web for indications of a breach.
Screenshot from the Darkbeam platform
Darkbeam's platform includes checks for exposed cloud storage as standard (even in the free version). This functionality shows all storage buckets associated with a domain, specifying whether they have been secured or not.
Uncover third-party vulnerabilities at scale
Darkbeam's platform operates at a large scale, with some clients monitoring over 30,000 suppliers and relevant third-parties. Its highly automated nature means that comprehensive vulnerability monitoring at this scale remains cost effective and manageable.
Not only does this provide enhanced visibility of vulnerabilities within third-parties, it does so in a near-instant, highly cost effective manner. As such, manual Vendor Risk Assessment forms can be augmented or completely replaced by fully automated, continuously updated, interrogatable reports.
Create a free account (no credit card required) for Darkbeam's Supplier Cyber Risk Management platform to begin uncovering vulnerabilities such as exposed online storage among your vendors. To learn more about Darkbeam's Supplier Threat Intelligence (dark web monitoring) capabilities, contact us using the form below or by calling +44 (0)20 3833 0348.