Jan 3, 2020 12:55:53 PM
.jpg?width=200&height=78&name=CH%20Diligence%20(thicker%20line).jpg "CH Diligence (thicker line)")
Jan 3, 2020 12:55:53 PM
The target: Wyze, a Seattle-based smart home device maker.
The take: Email addresses, IP addresses, WiFi SSID’s and device information of 2.4 million customers.
The attack vector: During the deployment of a new database, a mistake by an employee removed all of the security protocols governing the system, thus exposing the information. In total, two exposed Elasticsearch databases and one MySQL production database were freely accessible and the attackers were then able to access and download the leaked information.
Deployment of new technology is a potentially critical point of vulnerability. Any changes intended for the production environment should be tested in a private staging environment and audited/tested wherever possible to avoid introducing gaps into a firm’s security posture.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montréal
1080 Côte du Beaver Hall, Suite 904
Montréal, QC
Canada, H2Z 1S8
+1-450-465-8880
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy