The Importance of Securing Your Database (and the Cost of Failure)

It was recently discovered that a database holding personal information of thousands of people was left without a password. See the costs and learn the lessons of not doing due diligence.

Yaniv Yehuda · Oct. 20, 16 · Opinion

A recent blog post by Chris Vickery, a leading member of the MacKeeper security research team, described an incident that exposed the personal information of more than 18,000 members of remote Guatemalan and South African villages. The database was entirely without passwords, giving the public access to over 40 gigabytes of customer data.

The database had no security whatsoever and was left open to the public, some think, for months.

Because of this colossal mistake, anyone who wanted it had access to each customer’s full name, address, exact GPS coordinates of their home, occupation, and cell phone number. They also had access to photos of each person’s ID card and documents, which contained their unique state identification number, gender, marital status, nationality, birthplace, and signature or fingerprint (depending on whether the customer is literate). Most also included a picture of the customer’s home.

This lack of database security can have horrific results. Many of these people do not have access to the Internet, which means that they may not even be aware of the giant breach of privacy that they have fallen victim to. Besides opening the door to identity theft, the exposure is especially dangerous because these regions are known to have been plagued by human rights violations by business interests and drug cartels that commit acts like private surveillance or even murder. Therefore, by not heightening its database security, Kingo has endangered its own customers’ lives.

Furthermore, to anyone who knows where to look, a database without proper security can be found quite easily. With search engines like Shodan.io, unprotected databases are simply a click away. Search engines like Shodan scour the web in search of unprotected webcams, systems, and databases, which, unfortunately, allows just about anyone to find thousands of innocent people’s personal information.

However, despite the disastrous effects of this mistake on the lives of its customers, Kingo will likely face almost zero legal repercussions in either country in which it operates. This is because neither country has adequate laws to protect its citizens’ data, due to their tumultuous political climates. This leaves companies like Kingo with very little motivation to improve database security.

Since Vickery discovered this open database, he has reached out to the company, which has since put a password in place. But it is very likely that the damage has already been done.

There is no telling what disastrous effects can result from a lack of database security. People’s identities, money, and even lives depend on that personal information remaining private. Businesses must be aware of that and take whatever precautions they can to ensure that their customers' privacy is respected. As can be seen here, not doing so is irresponsible, unprofessional, unethical, and downright dangerous.

Published at DZone with permission of Yaniv Yehuda, DZone MVB. See the original article here.
