CSO Magazine has an interesting article on home and small office backups (see article).
Many “private cloud” backups allow you to back up your files to a device on your local network and access your backups anywhere you have access to the Internet. Sometimes that remote access is not even intended, but due to misconfiguration or a bad default configuration, your files are publicly visible.
Done right, cloud backups can be very convenient and you can access your data wherever you are. Done wrong, all your data is available for the world to see.
The article gives several examples of how this can be done wrong. In fact, with a few Google searches, the author came up with thousands of documents – from passports to tax returns to not-very-suitable-for-work photographs.
- Credit cards – one family told the author that their credit cards kept getting compromised as soon as they were replaced. Turns out they kept the credit card numbers in a text file (not encrypted) and that file was part of the daily backups – indexed by Google.
- Tax documents with personal and financial information – turns out the documents were backed up to a family NAS that was incorrectly configured, accessible on the Internet and indexed by Google.
- Master list of passwords – from an external SanDisk device – publicly accessible
You get the general idea. The article even gave some examples of specific Google commands to conduct a search for these types of files. I have heard of this kind of surfing before; hackers love it because it is so easy. You could do it from anywhere that Google is available – such as China, Russia or even, maybe, North Korea.
Moral of the story: when you set up a backup mechanism for your home or small business, make sure it is secure so you don’t wind up like these people.