Have you traveled around South East Asia recently? Did you travel on Malindo Air or Thai Lion Air?

In 2019, more than 2.7 billion identity records were already breached and available for sale on the Web. 

With the 2018 Cathay Pacific data leak with 9.4 million records fading in view, this time it was said to be at 21 million records for Malindo Air and Thai Lion Air breached, available for sale on the Web, simply because of an insecure Amazon data bucket. 

Data breached include:

– Name
– Date of birth (DOB)
– Passport number
– Passport expiry
– Mobile phone number

This incident yet again showed that:

– Cybersecurity is complex and requires discipline and deep knowledge,
– Cloud services, though convenient, needs extra vigilance,
– Data privacy is increasingly threatened, and who is accountable?

A rash of sensitive data has now been left open to the Internet due to misconfigured cloud services. Given the number of businesses that rely on companies like Amazon, Google, and Microsoft for compliance on some or all of their cloud needs, it is increasingly important to ensure cloud storage is secure.

Michael Petit, Cloud Security Head – Asia Pacific & Japan, Check Point Software Technologies Ltd, commented: “Data stored in cloud services like Amazon Web Services (AWS) S3 buckets are only as secure as their security configuration settings. Cloud services are convenient but requires proper configuration for the best security possible within the confines of such technologies.” 

Companies may have hundreds, thousands or even millions of S3 buckets or similar cloud data storage on other platforms. 

“With such complexity of data storage in the cloud, it is imperative for companies to persistently audit and correct misconfigurations, as cloud services may also change their settings occasionally,” said Petit. 

“This is a necessarily laborious and time-consuming process for companies. Companies can also tap on more automated cybersecurity solutions that may help to alleviate human errors in configuration, and help to actively enforce cybersecurity best practices, and reduce identity theft and data loss in the cloud.”