With GDPR just around the corner, companies need to stop ignoring breach warnings, downplaying incidents and ultimately take responsibility. The lack of preparedness and accountability from this firm (and others we see first hand) is quite discouraging.
French weekly news magazine L'Express left a server containing a database of its readers exposed online for weeks without a password. Even after the Paris-based magazine was warned of the exposure, the database wasn't secured for another month, leaving its contents accessible and downloadable by anyone, including hackers that made several attempts to ransom the data. Mickey Dimov, a Florida resident and recent high school graduate who now works in security operations for a major defense contractor, told ZDNet that he found the database by chance. At about 60 gigabytes in size, the database was packed with data on over 693,000 readers, and other information critical to the magazine's online operations. Through an intermediary, Dimov contacted the company in January. After hearing nothing back, he contacted ZDNet, which also alerted the magazine to the exposure.