A data breach at calculator app Mathway exposed 25 Million user records.Mathway's reputation took a hit, losing trust and possibly customers. It could face possible lawsuits and fines due to exposure.User data was exposed due to cloud hosting misconfigurations - something that's very difficult to get right.Due to a lack of access controls, an attacker got into certain systems, like the underlying database. Most likely, there were slow or no alerts around odd access attempts and accounts being used for irregular activities. This allowed the attacker the time needed to exfiltrate the data unnoticed.
How Companies Can Prevent This Attack
Create different service users and identify access management rules for the running application, backing databases, and other services that might need to access parts of your infrastructure.
Develop logging rules within AWS, GCP, or other cloud hosting providers that send an alert when a service user connects an application to other out-of-bounds services or attempts to execute privileged commands such as "sudo."
Ensure firewall rules exist, separating various services from one another. The only communication necessary is over a private network. Additionally, block public SSH access to backend services such as a database server.
Create a recurring scheduled review of the settings inside your hosting providers and leverage tools that validate secure configuration. Here's a great list from Geekflare to review.
Havoc Shield protects businesses through the cumulative effort of its employees. Here is how Havoc Shield can help improve your business' security posture and prevent this type of attack:
Havoc Shield's has In-AWS and In-GCP guidance for how to set up anonymous event logging and alerting.
Set up automated reminders to review settings inside hosting providers along with a guided module of which settings to check and what they should be set to.
Advisory hours you can use to help configure access controls correctly.