US Democratic party fundraising firm leaves data-filled NAS open to IoT search

Bill Evans of One Identity

Reports are emerging that a consumer-grade network attached storage (NAS) device owned by Rice Consulting, a fundraising firm working primarily with the Democratic Party in the US, was left publicly accessible. The device contained client data and passwords giving access to other organisations. A member of the Hacken cyber risk security team discovered the unprotected Buffalo TeraStation NAS instance.

The factory-set authentication of the NAS device was disabled, leaving it open to being spotted and indexed by Shodan or Google’s IoT search engine. The data leakage has highlighted the firm’s failure to implement basic security measures to protect swathes of highly sensitive voter and donor data.

Commenting on the news, Bill Evans, senior director at One Identity, said: “The concerning thing about this leak is the fact that the factory-set authentication had been disabled. While we may never know why it was disabled, it was most likely done for convenience. Although it can be a hassle to manually manage administrative passwords, organisations must do their utmost to protect their ‘keys to the kingdom’.”

Evans continued, “This brings to light the real problem with the proposed California legislation, which intends to ensure the security of IoT (Internet of Things) devices by requiring unique passwords, among other measures. Like in this most recent case, administrators and users may simply change or disable those security features for convenience, making a device or system inherently unsecure.

Enterprises would be best served by looking at the myriad options for automating the management of their privileged accounts to ensure leaks like this don’t happen again,” he added.
