The German hacker group Chaos Computer Club (CCC) has found more than 50 data breaches that gave it access to 6.4 million personal data records. The club reports this in a message on its website.
The hacker club found data leaks at 50 companies and institutions, including the Dutch Ministry of Health, Welfare and Sport.
Beyond that, mainly German companies were affected, including BMW, Deutsche Bahn, Deutsche Post, Deutsche Telekom and Nestle. At these companies, the club could view the personal data of customers, passengers, patients and users.
It was mainly personal data that the club could view, but also some private keys and access tokens for cloud services. In the hands of malicious hackers, personal data can be used to defraud people, for example through phishing. That is why it is important that organizations have their data security in order.
The CCC often found the information in simple ways. The data was accessible through unsecured MySQL servers, Elasticsearch installations, Git repositories, and Symfony profilers. In most cases, little effort was needed to access the personal data.
The CCC immediately notified the affected companies and authorities. Three-quarters of the authorities thanked the hacker club and closed the leak. Ten per cent of the companies did not respond but did solve the problems.
Tips from the hackers
The CCC makes various recommendations on their site to companies and agencies about the security of their data. They indicate that access tokens for cloud services must be handled more securely.
They also say that companies should not make test systems accessible online and especially should not test with real user data. Then the chance of data leaks like this one is a lot smaller.
In addition, they recommend that you do not store backups, log files, and configuration files in freely accessible directories of web servers.
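A check for the recommendation above, as an added example that is not from the CCC or the original article: the script walks a web server's document root and flags Git repositories, backups, log files and configuration files that any visitor could request. The file-name patterns and the sample directory tree are assumptions constructed for the illustration.

```python
import os
import tempfile
from pathlib import Path

# Patterns are assumptions chosen for this example, not a list published by the CCC.
SUFFIXES = {
    "backup": (".sql", ".sql.gz", ".bak", ".old", ".dump", ".tar", ".tar.gz", ".tgz", ".zip", "~"),
    "log file": (".log",),
    "config file": (".ini", ".yml", ".yaml", ".conf"),
}

def classify(name):
    """Return the category of a file name that should not be web-served, or None."""
    lower = name.lower()
    if lower == ".env" or lower.startswith(".env."):
        return "config file"
    for category, suffixes in SUFFIXES.items():
        if lower.endswith(suffixes):
            return category
    return None

def audit_webroot(root):
    """Walk a document root and return sorted (relative path, category) findings."""
    root = Path(root)
    findings = []
    for current, dirs, files in os.walk(root):
        rel = Path(current).relative_to(root)
        if ".git" in dirs:
            # A served .git directory exposes the repository's history and source.
            findings.append(((rel / ".git").as_posix(), "git repository"))
            dirs.remove(".git")  # report once, do not descend into it
        for name in files:
            category = classify(name)
            if category:
                findings.append(((rel / name).as_posix(), category))
    return sorted(findings)

def build_sample_webroot(base):
    """Create a constructed sample tree for the demonstration."""
    for path in ("index.php", "css/site.css", ".git/config", ".env",
                 "backup/db-dump.sql.gz", "logs/app.log", "config.php~"):
        target = Path(base, path)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for path, category in audit_webroot(tmp):
            print(f"{category:15} {path}")
```

Anything the script reports belongs outside the document root or behind an explicit deny rule in the web server configuration.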
The group says it will continue to investigate data breaches.