Millions of Unsecured Member Details Discovered at Internet Society
Clario has collaborated with independent cybersecurity researcher Bob Diachenko to unveil and responsibly report the incident described in this data breach report.
The Internet Society (ISOC) is one of the oldest and most important international non-profit organizations related to the internet, but, despite its prestigious reputation, personal details of its members were found to have been exposed in a recent data security breach.
Our team of researchers recently discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details belonging to ISOC members.
Founded in 1992, ISOC’s mission is to ensure open internet development by enhancing and supporting internet use for organizations and individuals worldwide. With roughly half of the world’s population still offline, the organization’s initiatives aim to close that divide and make the internet more accessible. According to the body, its membership has now grown to more than 80,000.
| Incident timeline | Detail |
|---|---|
| Data leak discovered | December 8th, 2021 |
| Reported on | December 8th, 2021 |
| Was the issue addressed? | Yes |
| Comment provided by the Internet Society? | Yes |
Data Exposure Summary
The open and unprotected Microsoft Azure blob repository contained millions of files holding personal and login details of ISOC members, putting their privacy at risk.
Based on the size and nature of the exposed repository, it is reasonable to assume that all members’ login and associated profile information was reachable from the public internet for an unknown period of time.
A blob container named ISOC contained millions of JSON files, each structured to include the following fields:
- password hash
- isActive / Visible flags
- social media tokens (if used to log in): LinkedIn/Google/Facebook/Twitter
- address (with zip code and coordinates)
- full name
- pioneer (true or false flag)
- total donation amount
- other service fields
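The misconfiguration behind this exposure was a blob container whose public access level allowed anonymous listing. The check below is an added example, not code from the original report or from ISOC or MemberNova: it issues Azure Blob Storage's anonymous "List Blobs" request (`?restype=container&comp=list`) against a container, classifies the response, and parses the listing XML. The storage account name, container name and sample XML bodies are constructed for illustration; a real run needs the account and container names as arguments.

```python
"""Check whether an Azure Blob Storage container is anonymously listable."""
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Error code Azure returns (HTTP 409) when the storage account itself forbids
# anonymous access (allowBlobPublicAccess = false). A merely private container
# answers anonymous callers with 404, so existence is not confirmed either way.
PUBLIC_ACCESS_FORBIDDEN = "PublicAccessNotPermitted"


def listing_url(account: str, container: str) -> str:
    """Anonymous List Blobs request; succeeds only at public access level 'Container'."""
    return f"https://{account}.blob.core.windows.net/{container}?restype=container&comp=list"


def classify_response(status: int, body: str) -> str:
    """Map an anonymous List Blobs response to a verdict string."""
    if status == 200 and "<EnumerationResults" in body:
        return "PUBLIC_LISTABLE"        # anyone can enumerate and download every blob
    if status == 409 and PUBLIC_ACCESS_FORBIDDEN in body:
        return "ACCOUNT_BLOCKS_PUBLIC"  # account-level hardening is in place
    if status in (403, 404):
        # Private, or public access level 'Blob': not listable, but individual
        # blobs may still be readable by anyone who knows their names.
        return "NOT_LISTABLE"
    return f"UNEXPECTED_{status}"


def parse_listing(body: str):
    """Return (blob names, total bytes) from a List Blobs XML response."""
    root = ET.fromstring(body)
    names, total = [], 0
    for blob in root.iter("Blob"):
        names.append(blob.findtext("Name", ""))
        size = blob.findtext("Properties/Content-Length")
        total += int(size) if size else 0
    return names, total


def probe(account: str, container: str):
    """Perform the anonymous request over the network; returns (status, body)."""
    req = urllib.request.Request(listing_url(account, container), method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


# Constructed sample bodies shaped like Azure's responses (not real data).
SAMPLE_PUBLIC_LISTING = """<EnumerationResults ServiceEndpoint="https://example.blob.core.windows.net/" ContainerName="members">
  <Blobs>
    <Blob><Name>members/0001.json</Name><Properties><Content-Length>2048</Content-Length></Properties></Blob>
    <Blob><Name>members/0002.json</Name><Properties><Content-Length>1900</Content-Length></Properties></Blob>
  </Blobs>
  <NextMarker />
</EnumerationResults>"""

SAMPLE_BLOCKED = """<Error><Code>PublicAccessNotPermitted</Code>
<Message>Public access is not permitted on this storage account.</Message></Error>"""

if __name__ == "__main__":
    if len(sys.argv) == 3:
        status, body = probe(sys.argv[1], sys.argv[2])   # e.g. probe.py <account> <container>
    else:
        status, body = 200, SAMPLE_PUBLIC_LISTING        # offline demo on the sample
    verdict = classify_response(status, body)
    print(verdict)
    if verdict == "PUBLIC_LISTABLE":
        names, total = parse_listing(body)
        print(f"{len(names)} blobs listed, {total} bytes; first names: {names[:3]}")
```

A `PUBLIC_LISTABLE` verdict means the whole container can be enumerated and downloaded without credentials, which is the state the ISOC container was in. The fix is to turn anonymous access off at the container (`az storage container set-permission --name <container> --account-name <account> --public-access off`) and, so that no container can be re-opened by mistake, at the account (`az storage account update --name <account> --resource-group <rg> --allow-blob-public-access false`); rerunning the probe should then return `ACCOUNT_BLOCKS_PUBLIC`. Note that a listing handles one page of results; a real container of millions of blobs returns a `NextMarker` that must be followed with `&marker=` to count everything.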
As soon as the sensitivity of the data and the owner of the repository were confirmed, an email alert was sent to ISOC. On December 15th 2021, the repository was secured and the organization provided the following comment:
Thank you again for following up.
I wanted to let you know that the active investigation into this issue has now concluded. We have confirmed that the association management system we use was configured incorrectly by MemberNova, which made some Internet Society member data publicly accessible. Fortunately, we have not seen any instances of malicious access to member data as a result of this issue.
We notified all our members about this matter before the holidays and worked with MemberNova to correct the configuration issue and restore the system to normal operations. We have also just let our members know that the investigation has wrapped up.
Thank you again for bringing this issue to our attention as your notice allowed us to quickly resolve the situation.
Data Breach Impact
While many ISOC members are looking to support the organization in its mission, the exposure of their sensitive details could have put them at risk of being attacked by cybercriminals.
Phishing
Phishing is a form of cybercrime where scammers trick online users into handing over money or personal information. With information such as a name, email address or password hash, attackers could have crafted convincing messages to ISOC members, tricking them into transferring money or unknowingly handing over their credentials.
Identity Theft or Fraud
With personal details such as full name, postal address or email address, scammers could have impersonated ISOC members to commit fraud or identity theft in their name. For example, they could have set up online accounts or even made donations without the members’ knowledge or consent.
Impact on ISOC
Loss of reputation
The main risk to ISOC itself is reputational. As an organization that works in the online world and is viewed as an upholder of standards and best practice, it would have been particularly embarrassing had this breach been widely reported. The incident suggests ISOC needs to scrutinize the configuration of the third-party systems it relies on and adhere to the security best practices it champions for a stronger and more secure internet.
How to stay safe from data breaches
At Clario, we aim to work 24/7 to ensure that user personal data is kept secure. In case of a data breach, we advise:
- Immediately change the password for the affected account
This is the easiest and fastest way to ensure your accounts stay secure, especially if you act as soon as you learn that a breach has occurred. Change the password anywhere else you reused it, use a unique password for every service, and enable multi-factor authentication where it is offered, so that a leaked password hash alone is not enough to take over the account.
- Cautiously approach suspicious-looking emails or links
Follow your instincts and be careful if you see anything suspicious, particularly messages that reference your membership, donations or login and urge you to act quickly. If you suddenly start getting bombarded with offers that seem too good to be true, tread carefully so you can avoid becoming a cybercriminal’s latest victim.
- Work with a trusted cybersecurity provider…
Like us here at Clario. We protect your device and digital identity from viruses, unsecured Wi-Fi, ID theft, or hacking - all in real time.
Data Breach Summary
| Item | Detail |
|---|---|
| Exposed environment | Microsoft Azure blob repository |
| Type of data exposed | Personal and login details of ISOC members |
| Estimated number of records | Millions of files were reportedly exposed |
| Publicly indexed by | Unknown public search engine |
| Discovered on | December 8th, 2021 |
| Reported on | December 8th, 2021 |