Cloud backup provider SOS Online Backup has exposed 135 million records online in the most recent case of a company failing to secure its cloud storage.
Discovered and reported today by security researchers Noam Rotem and Ran Locar at vpnMentor, data belonging to SOS Backup Data was exposed in November to all and all. The company first contacted on Dec. 10, but with no response, the security researchers tried to reach it again on Dec. 17. The database was removed offline on Dec. 19.
The database included full user names along with email addresses, phone numbers, internal company details, and user names.
The irony of this data exposure is that SOS Online Backup provides a secure cloud-based backup with a prize-winning bulletproof backup. “Not all clouds particularly store data. SOS Online Backup DOES!” the company claims on its website.
SOS Online Backup exposes its customers to a variety of attacks and frauds by exposing customer data. “With access to the most wanted cloud storage in the online criminal world, this database may have been a goldmine for cybercriminals and malicious hackers,” the researchers noted.
The data violation is terrible for the credibility of the company, but the company may face more legal severe problems apart from corporate harm. Since the misuse of information is public, SOS Online Backup is now investigated by the California Consumer Privacy Act regulators. This also faces scrutiny under the General Data Protection Privacy Regulation of the European Union if it has any European customers.
After contacting the company, SOS Online Backup still needs to comment on the article.
SOS Online Backup has raised $4 million in risk capital funding according to Crunchbase results. Splashpond Investors are the only investor listed in the company. The company headquartered in Los Angeles, which means it will comply with California law.