Misconfigured AWS ElasticSearch server of Rubrik exposes clients’ data

• The unprotected data repository contained customer names, business contact information, support requests, and customer support conversations.
• This was caused due to developer error as the data repository defaulted to a lower access security level.

Rubrik is a cloud data management company based in California. The cloud data management company disclosed on January 29, 2019, that it had inadvertently exposed its client data due to a misconfigured server. The server was left publicly accessible without a password for a brief period of time.

Security researcher Oliver Hough discovered the leaky database and reported the server to Rubrik on January 29, 2019. Upon learning the incident, Rubrik immediately took the server offline.

What was exposed?

The unprotected data repository contained customer names, business contact information, support requests, and customer support conversations. However, Rubrik confirmed that no customer-owned data was exposed.

What was the immediate action taken?

• Upon learning about the incident, Rubrik security SWAT team immediately conducted investigations on the incident and invoked the security incident response process.
• The company also changed the server’s access security level to prevent further unauthorized access.

What was the root cause?

Rubrik’s security team investigated and found developer error to be the root cause for this incident. The company revealed that the data repository defaulted to a lower access security level and that they failed to appropriately set the access level as per standard security procedure.

“The sandbox development data repository defaulted to a lower access security level and we failed to follow our standard security procedure to appropriately set the access control,” Rubrik stated in an incident response blog.

The company stated that it is rolling out stricter processes such as multi-level approval and security reviews in order to prevent such incident from happening in the future.

“We apologize for this incident. We are very serious about safeguarding customer information, and this is clearly unacceptable to us. We are continuing to review the situation to improve our processes,” the incident response blog read.