.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: RATP
Dec 10, 2021 11:32:43 AM
The Target: Régie Autonome des Transports Parisiens
The Take: Exposure of 3 million records of Personally Identifiable Information belonging to 60,000 employees including: full names, email addresses, source code and APIs, logins for their RATP accounts, hashed passwords, and more critically, access to the firm’s Github account where attackers could access ongoing projects.
The Vector: The data was left open and accessible to public on an unsecured SQL database backup server, allowing anyone with internet access to connect and view the sensitive information.
It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure. This breach highlights the multiplicative effects of these cascading pivot attacks which is why it’s important to lock down every point of access in an IT system.
