Alteryx Data Leak: Everything You Need to Know
Alteryx Data Leak Once Again Highlights Third-Party Vendor Risk
One massive data leak after another, then another and then another – calling it a routine would be an understatement. Alteryx, a California-based data analytics firm, is the latest in line to publicly expose the sensitive personal information of millions of Americans. How many exactly? 123 million. We’ve heard “Information of millions of Americans leaked” so many times in recent memory that we’ve moved past the point where it used to surprise us. The Alteryx data leak was discovered by UpGuard, a cybersecurity firm based out of California.
Alteryx’s file bucket, stored on Amazon Web Services S3 cloud storage, was found to be unsecured, as in, without any protection (Did I spell ‘any’ right?). Heck, even you could have accessed it by just creating a free AWS account, just like over a million users of AWS. That’s it, that’s all one needed to get their hands on tens of millions of rows of data on virtually every American household. No hacking, no coding, no James Bond-style Goldfinger Hacking Jacket; a free account is all you needed. It was found on the internet like a piece of paper on the street; all you needed was to bend over!
You must have some questions regarding this data leak. Let us clear the air about the Alteryx data leak by answering a few of the most-asked questions.
Where exactly were the files located? How were they discovered?
Chris Vickery, UpGuard’s Director of Cyber Risk Research, found an Amazon Web Services S3 cloud storage bucket on an “alteryxdownload” subdomain that had the sensitive information of the majority of American households. By default, AWS S3 allows only authenticated users to access the data stored. Unfortunately, this was not the case here.
On this subdomain, any AWS authenticated user could access these files (there’s that word again, any). By “authenticated” I mean ANY user who has an AWS account. One could easily create a dummy AWS account and get into the bucket. It was that simple!
What Information has been leaked?
Alteryx, being a data analytics firm, is partnered with Experian, a credit reporting agency, and the US Census Bureau. As a result, the leaked repository had data provided by both Experian and the 2010 US Census. Although the files didn’t have names, they are said to have 248 different data fields that include address, estimated income, phone number(s), the span of time for which your car has been in use and countless other details. The primary database is around 36 gigabytes. These files even know whether you’re a cat person or a dog person. And NO, I’m not kidding.
What does the researcher have to say?
“I’m a little disappointed that [Alteryx] would just leave it unencrypted out there for anybody, and that Experian would just give them a copy like that,” Chris Vickery, UpGuard’s Director of Cyber Risk Research, said to Huffington Post. “Keeping it open and in the clear is just asking for trouble.”
“If you’re an American, your information probably was exposed,” he added.