In Pictures: Lost in the Clouds - 7 examples of compromised personal information

While having instant access to your information via the cloud is a major bonus to productivity and convenience, there's a risk that the security trade-off will be too high.

  • Google has indexed thousands of backup drives Each day millions of people across the globe create backups of their files. These backups are supposed to offer a measure of assurance that their files are safe, but that's not entirely true. In fact, depending on how you've configured the device, your backups are freely available online to anyone who knows what they're looking for. The following slides contain a few examples of the sensitive information people have stored on a backup drive that was later indexed by Google. Unfortunately, most don't realize their data is available to the public, potentially offering themselves up as victims of identity theft or similar fraud. Google isn't to blame either, as all of the backup files archived by the search giant are on networks or devices that were configured to act as public archives of data. But again, most people don't know this is happening.

  • Credit cards This image is a redacted copy of a sales receipt, which contained someone's full name, address, home and mobile number, and their credit card details complete with security code. This is just one file out of the hundreds online that contain such details. During an interview, one family told CSO Online about how their debit and credit cards kept getting compromised. Unfortunately, the family stored the card numbers in a text file on their computer. This file was included in the daily backups, which were indexed by Google. Each time a new card was added to the file, it was compromised almost immediately.

  • Tax documents This is a redacted image of a directory where tax documents were being stored. The folder was sorted by name, and was created by a well-known piece of tax-related software. The taxpayer's name has been redacted, but their archive on Google contained a mix of personal and financial information. Moreover, the archive contained hundreds of family photos, a common item often stored on a personal cloud device. Another concern are the SMS (text message) logs that were created by monitoring software installed on phones used by teenagers in the household. In this case, the family was using a NAS that was configured improperly.

  • A person's entire life has been indexed This redacted image shows just two of the documents discovered on a backup drive maintained by an IT professional in New York. The drive contained several years' worth of tax filings, scans of their ID and Social Security card, as well as retirement account details, paycheck stubs, and credit reports.

  • Portable drives This image, with personal information redacted, shows the contents of a Seagate Expansion 1TB portable hard drive. The family that owns this device had it connected to the network as a backup drive. There are several personal items on this drive; including things that one member of the family uses to teach her pre-K / early elementary classes. There is enough PII on the drive to cause problems, but other than paycheck stubs, the bulk of the device houses class prep and a vast library containing hundreds of movies and MP3s, as well as hundreds of family photos.

  • Master list of passwords This redacted list comes from an external SanDisk drive. It housed several personal documents and various records. There are some MP3s and movies, but the riskiest item on the device – which seems to be intended for remote access anywhere – is a master list of passwords. The list itself has several hundred accounts on it, including banks, eBay, credit accounts, business accounts, and more. It's never a good idea to keep all of your passwords in a text file, but as the list shows, it's also a bad idea to use the same password on multiple websites.

  • Windows piracy? This image shows a NAS assigned to an IP address maintained by the Orange County Department of Education (Santa Ana Unified School District) in California. The data in the drive is development related, but there are some IT related files as well. However, as the inset image shows, there are also some risky files included on the drive. The highlighted file is a key generator (KeyGen) application for Windows 8.1, a file commonly associated with software piracy.

  • Personal cloud exposed This redacted image shows a misconfigured LaCie CloudBox device. Because their personal cloud was incorrectly configured, all of their personal and financial documents have been indexed on Google. Within the archive are completed passport applications, bankruptcy notes, tax returns, paycheck stubs, personal notes and memos, pirated movies, and hundreds of personal photos. There are also several text files with usernames and passwords, including credentials to a tax service, jewelry store, cellular service, and well-known bank.

Show Comments