Thousands of Credentials Leaked via Misconfigured Apache Airflow Servers

This week, a Misconfigured Apache Airflow server leak exposed thousands of credentials from popular platforms and services such as Slack, PayPal, and Amazon Web Services.


We spoke with Pravin Rasiah, VP of Product, CloudSphere, and Greg Fitzgerald, co-founder, Sevco Security, about cloud misconfigurations and why organizations should prioritize this ongoing security issue.


Pravin Rasiah, VP of Product, CloudSphere:


“Companies entrusted with large volumes of sensitive customer data must be hypervigilant in their security processes. This includes following best practices regarding identifying and addressing any security misconfigurations that put the data at risk that in real time. Security misconfigurations are often the result of incomplete data infrastructure visibility and lack of security authorization guardrails. What may seem like just a minor oversight in coding practices (as researchers indicated was likely the case here) can ultimately have devastating repercussions on a brand’s reputation, as customer trust relies first and foremost on the security of their data. With a comprehensive security posture assessment of the applications hosted within their cloud environment along with the ability to remediate issues in real-time, companies can safely operate without putting customer data at risk.”


Greg Fitzgerald, co-founder, Sevco Security:

“With so many high-profile threats facing enterprises today, it’s easy to understand how security teams overlook older IT assets that are going unused. Unfortunately, just because retired IT assets are out of sight does not mean that they are out of mind for malicious actors. Threat actors have gotten very good at scouring enterprise networks for misconfigured or unpatched assets that security teams neglect. It’s gotten to the point where many malicious actors know their target networks than the security teams tasked with protecting them. In order to effectively secure your organization, the critical first step is to create an accurate IT asset inventory that allows you to understand the attack surface you need to defend.”


###