The Internet Society (Internet Society, abbreviated as ISOC) was formally established in January 1992 and is a global internet organization that plays an important role in promoting internet globalization, accelerating network interconnection technology, developing application software, and improving internet penetration rates.
On December 8, 2021, Clario's security researchers discovered a large amount of insecure data in an open and unprotected Microsoft Azure blob storage repository, containing millions of files. Subsequently, the team collaborated with independent cybersecurity researcher Bob Diachenko to report the incident.
Bob found that these data come from the members of the International Internet Society (ISOC), including names, genders, addresses, email addresses, login accounts, and passwords, all stored in json files. Clario's security researchers said that such detailed information is very likely to come from the International Internet Society (ISOC), which means their privacy is severely threatened.
In the report, they added that based on the size and nature of the exposed repository, we believe that the login accounts and passwords of all members are very likely to be exposed on the Internet at some point in the future.
After discovering this situation, security researchers immediately reported the incident to ISOC via email. ISOC immediately launched a detailed investigation into the leakage incident and began to protect these data.
One week later (December 15), ISOC released an investigation report on the leakage incident, attributing the cause to the configuration error of its management service provider MemberNova, which allowed the information of some ISOC members to be publicly accessible on the Internet. No other malicious events have been found due to the data leakage, and the incident has been reported to the members.
Clario security researchers believe that it is inappropriate for ISOC to have such a serious personal information leakage incident, which will have a serious impact on ISOC's reputation and expose its members to potential network attack risks in the future.
Reference source: https://www.infosecurity-magazine.com/news/internet-society-data-leaked/
评论已关闭