The Target: The Internet Society or ISOC, a non-profit organization whose mission is to keep the internet open source and secure.
The Take: Exposure of Personally Identifiable Information of 80,000 records including: full names, email addresses, physical mailing addresses, and login information.
The Vector: A third-party vendor misconfigured a database server, leaving it open and accessible by anyone with an internet connection.
It is important to employ all-encompassing credential management, user authentication and validation, as much possible, on third-party vendors which have access to a firm’s data. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure.