On the surface it may seem that a cloud storage solution, a so called S3 bucket from the provider AWS was left unprotected. Yet, if I understand what happened correctly, it wasn’t a misconfigured S3 bucket but unforgivable bad development practices and really bad data handling (non-anonymized, unencrypted, over too long in time, and too specific in location). (1/2)
=> More informations about this toot | View the thread
They should’ve turned off the analytics endpoint, they should’ve used non-persistent credentials, they should’ve used passwords for their tokens, they should’ve encrypted the data, but mostly they should not have collected and stored all that data in that form for that long to begin with.
[#]volkswagen #vw #cybersecurity #databreach #aws (2/2)
=> More informations about this toot | View the thread
=> This profile with reblog | Go to Elephant@mastodontech.de account This content has been proxied by September (ba2dc).Proxy Information
text/gemini