How the largest Romanian real estate portal could have prevented a massive cloud data breach

By Ovidiu Cical
Tuesday, February 9, 2021
Can cloud misconfigurations affect your company?

Yes, they can! In this case, Romania's largest real estate portal suffered a data breach due to a misconfiguration. Back in December 2020, Website Planet detected that the portal's AWS S3 buckets were publicly available without any protection. As a result, more than 200,000 records were exposed.

Anyone with the URL could access the buckets and the Personally Identifiable Information (PII) stored there. Users' data such as full names, emails, phone numbers, Social Security Numbers (CNP), and even scanned copies of national ID cards, including identifying codes, were leaked.

The AWS (Amazon Web Services) S3 Access Points feature provides settings for access points, buckets, and accounts to help companies manage the public access to their resources. More information can be found on Amazon's Documentation Portal: https://aws.amazon.com/premiumsupport/knowledge-center/read-access-objects-s3-bucket

By default, new buckets do not allow public access. However, users can modify bucket policies and allow public access. Since these individual settings are customizations enabled to better suit a specific organization's needs, the responsibility is no longer with the cloud provider.
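As an added illustration (not code from the original article or from Cyscale), the following offline check takes a bucket policy and a Block Public Access configuration in the JSON shape AWS uses for them and reports whether the policy leaves the bucket open to everyone. The bucket name, account ID and sample policy are constructed, and the logic is a simplification that ignores bucket ACLs.

```python
import json

# The four real S3 Block Public Access (BPA) settings.
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone, signed in or not."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def audit_bucket(policy_json, bpa):
    """Simplified check: which Allow statements are open to everyone, and does
    RestrictPublicBuckets neutralise them? Bucket ACLs are not evaluated."""
    public, review = [], []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_public_principal(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # A Condition may or may not narrow access; flag it for manual review.
        (review if stmt.get("Condition") else public).append(sid)
    return {
        "public_statements": public,
        "needs_review": review,
        "bpa_settings_off": [k for k in BPA_KEYS if not bpa.get(k, False)],
        # RestrictPublicBuckets limits a bucket with a public policy to the
        # owner's account and AWS services; BlockPublicPolicy only rejects new ones.
        "exposed": bool(public) and not bpa.get("RestrictPublicBuckets", False),
    }

# Constructed sample input: placeholder bucket name, not data from the incident.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})
BPA_OFF = dict.fromkeys(BPA_KEYS, False)   # weak: every safeguard disabled
BPA_ON = dict.fromkeys(BPA_KEYS, True)     # corrected: all four enabled

if __name__ == "__main__":
    print("BPA off:", audit_bucket(SAMPLE_POLICY, BPA_OFF))
    print("BPA on: ", audit_bucket(SAMPLE_POLICY, BPA_ON))
```
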

Even though the unintentional breach was fixed after Website Planet reported it, the precise number of people affected remains unknown, and the culpability for this data leak lies entirely with the real estate portal.

This could have easily been prevented with the implementation of a Cloud Security Posture Management (CSPM) tool. These solutions are developed to detect any misconfigurations and to prevent this type of event.

As a CSPM, Cyscale Cloud Platform is the perfect tool that helps companies reduce risk. It enables complete visibility and control over cloud accounts in under 5 minutes from deployment.

Cyscale's platform is equipped with an alert mechanism that detects and informs security and cloud ops about exposed assets and helps them address these issues in time.

Mistakes such as having your company's buckets exposed without password protection or encryption can be detected and fixed in time; you just need someone to guide you. We are ready to assist you with your Cloud Security.
