On Monday, Jeremiah Fowler and WebsitePlanet published a research blog post revealing that 61M records from popular wearable fitness devices were left exposed online. Data sources included Apple's HealthKit and Fitbit -- essentially the bulk of the fitness tracker industry.
It's the latest instance of corporate security negligence that could be detrimental to unsuspecting users.
Pravin Rasiah, VP of Product at CloudSphere, said, "Companies collecting and storing sensitive customer information must be hypervigilant in protecting all of the data they collect. Leaving a database exposed without a password or authentication to prevent unauthorized entry is a surefire way to endanger customer information and potentially damage a brand's reputation. It is crucial that enterprises have the ability to identify security flaws in a timely manner so that sensitive data such as names, birthdates and GPS logs stay out of the hands of malicious actors."
Poor password hygiene is one of the top ways critical misconfigurations or exposures occur.
"A missing password is often the result of lack of awareness into the constantly changing cloud environment. Without this visibility, it is far too easy for even basic security measures to lapse or be misconfigured. Companies should invest in automation for cloud governance that enforces security guardrails via policies that can prevent or remediate issues in real-time," said Rasiah.