Rubrik leaked large database of customer data due to security problem

Rubrik leaked large database of customer data due to security problem

Due to an error in the security of a server, a large database of Rubrik’s customer information was leaked. The server was taken offline one hour after a report from TechCrunch, the website that drew Rubrik’s attention to it.

The data was found by security researcher Oliver Hough, reports TechCrunch. The server turned out not to be password protected, so anyone who knew where to find the server could access it. The database itself revolved around a hosted Amazon Elasticsearch server and contained dozens of GB’s of data. These included customer names, contact information and case work for each business customer.

The dates would go back to October 2018. Part of the database was dedicated to Rubrik’s business customers. This allowed customers to talk to the company’s employees if there were any problems or complaints. This included the content of e-mails from customers who were in the system. In many cases there were also signatures with names, titles of jobs and telephone numbers.

Each business record also contained descriptive profile information, for example to indicate whether it was a Fortune 500 company. Rubrik has thousands of large customers, including the Scottish government, the U.S. Department of Defense and CarePoint Health.

Reaction Rubrik

The company itself now proposes to do research. “As we build a new customer support solution, a sandbox environment with a subset of our business customers’ contact information and support interaction data may have been temporarily accessible,” said a spokesperson. “The company also says that no one other than the security researcher who found the problem had access to the information. No evidence was given for that claim.

“We have reduced the cause to human error. A default access setting was not changed according to our default practices. We’ve changed our processes to prevent it from happening again. Privacy and security are very important to us and we offer our sincere apologies for the error.”

This news article was automatically translated from Dutch to give a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.