A security researcher over at UpGuard discovered a very large amount of information somehow, or accidentally, made publicly available. We need to kind of know the how. We're not sure of the why other than a misconfigured server. It was a misconfigured rsync server, probably for backups, but they left it publicly exposed. Their title here is "Out of Commission: How the Oklahoma Department of Securities Leaked Millions of Files." I don't know how they didn't title it "Oklahoma's Not OK."

Now, if you're not familiar with the Oklahoma Department of Securities, picture it as a state-level SEC. So they investigate the brokers, they investigate different people who are involved in securities exchange and trading and insurance and a lot of that. So they have a lot of information and investigations and background information. And it's not that we're reporting this based on we know breaches, we know that the data was used somewhere. We know the data was exposed, but my guess, because there's not a lot of other detail in here, is there was no logging, which doesn't shock me based on some of the things they found. So first, if you have someone who left an open rsync server open to the public, I'm going to bet they don't have a robust logging system in here to even know what was taken.

So despite finding the data exposed, there's not a record of whether or not anyone else besides a security researcher from UpGuard found it. But they did note that it was found as well on Shodan and was accessible since November 30th, 2018, and we don't know how long it took Shodan to scan this IP range, or whether it's been exposed for a while and it just took Shodan until November 30th to find it. But you can see why logging is so important and why configuring servers properly is so important. You need to be looking at it from the outside in all the time to make sure that you didn't do one of these things that would lead to you being famous for a security breach.
Now the first challenge UpGuard had was, it wasn't like "we found a database." It was, well, this. And so they broke down, as you refer to them, artifact types, all the different things that were exposed, and wow, there was just a lot of things in here. So we have PST files and virtual disk formats, probably copies made of virtual machines that were completely downloadable and accessible. There were some log files. They had 30 gig of log files, but not really saying what they were, whether they were logs collected on active investigations or whether or not they were logs related to this. None of that is really disclosed in here, but we do know some of the information that was in there, must grow down to that.

So they had a Microsoft database that contained information on approximately 10,000 security brokers, including their social security numbers. A CSV with the partial name, I love this, identifying information.csv, that's a great probably profile, containing the date of birth, birth certificate, country of birth, gender, height, weight, hair color, and eye color of over a hundred thousand brokers. A database related to a financial vehicle travel through terminally ill patients. Now it's kind of a mouthful with the are as people who have death benefits and they have terminally ill diseases, and among them were AIDS patients, including their personal details such as T-cell count, so their actual health, medical status. So you've got health compliance problems, so security compliance problems, like there's nothing, and security in general compliance problems. And then security, not as in cyber, but as in brokers who are authorized traders. Now all of their personal details have been breached. So if you're a broker in Oklahoma and you're watching this, I don't know how this is going to be handled, but just be aware. After that, get some identity protection and be very vigilant. You should always be vigilant anyways, but your information was apparently completely leaked by the securities commission that was commissioned to audit you.

Then there's several databases and system credentials. This is where things go a little bit worse from a DevOps side: VNC credentials for remote access to the Oklahoma Department of Securities workstations. I know VNC is a popular project out there, but I feel when I see it, a lot of times it was things like, "I didn't have a budget, so I just do VNC on there, and then I threw all the passwords in a spreadsheet," and that spreadsheet gets exposed on the Internet. It's just going to be a big mess, because undoubtedly if that spreadsheet's out there, there's things not on their network that are probably using VNC as well, so there could be more issues coming from this.

And the next thing: a spreadsheet of IT services with the usernames and passwords for accounts for Symantec Protection Suite, Tivoli thought security. Just a big mess. So they had this wonderful, I like how they did redact the information, but wow, basically this IT person was just creating a big sheet of data with everything: here's all of our passwords, here's all the different things we need. It's just a mess. I mean, use LastPass, use some type of password management system, so they're not just put in, you know, spreadsheets that are saved, that are later exposed and backed up for convenience.

Other business information, training documents for personnel working in the securities commission, or email histories. I mean, the list goes on and on. I'll leave a link to all this so you can read through some of the other details that I kind of glazed over here. But yeah, this is a real issue. You should always, you know, from a debrief of this, you should always be looking at your network from the outside and try your network, so you're authorized, well, authorize yourself to do this. Make sure if you have a team, they're all aware of what you're doing, but you should be looking from the outside, going, is something exposed, did we leave something out? And these breaches unfortunately are becoming more and more common. This is probably, so
far to date, which it's only the 23rd of January, the biggest one I've seen. But don't worry, this is the beginning of it. This is only January, so I'm sure next month someone will upstage these, some other agency, especially with the government shutdown right now. We know there's a lot of security researchers not doing things at the government, not locking down things. We've seen websites expiring, and this may lead to that next breach, because more things are going to be exposed without anyone pushing patches right now. With government agencies this can be a problem. Now, this is a state-level agency and this happened last year, prior to the government shutdown, so those are unrelated, both because of state and because, well, it happened a few months ago, or that was discovered a few months ago. We really don't know how long this was going on for. So as always, stay vigilant, keep your security tight, and see you next time.

Thanks for watching. If you enjoyed this video, go ahead and hit the thumbs up. If you want to see more content from my channel, go ahead and hit subscribe and the bell icon, and hopefully YouTube will send you a notice. If you're interested in contracting Lawrence Systems for any type of IT services work or consulting work, go ahead and head over to LawrenceSystems.com and fill out our contact form and get in touch with us. If you would like to help the channel out in other ways, you can use our affiliate links below in the description, or we have a link directly to our Lawrence Systems page. We have a list of different affiliate offers, and it's very appreciated if you use any of those for signing up for any of the services, and many of them offer you discounts. If you want to head over to our forums, there'll be a link in the description for our forums, wherever they may be, because we've been looking at different forum platforms, but they'll always be relevantly linked right there. All right, once again, thanks. Leave some feedback and comments below on this video, if you loved it, if you hated it. I try to reply to everyone, the people who hate and the people who love them. So thank you very much and see you next time.