Alteryx personal data leak affects millions: Are you affected?

May 2023 · 3 minute read
Alteryx data leak

Keeping your personal information safe is getting more and more difficult. Hackers are working day and night to get their hands on your personal data, websites use cookies and other tracking tools to influence your behavior and more.

As if this weren’t enough, accidental data leaks make is very easy for your personal information to fall into the wrong hands.

The latest such example is the Alteryx data leak that affected millions of American households.

Amazon Web Services cloud storage was the repository

Cybersecurity researchers from UpGuard recently discovered that a cloud-based data repository containing data from Alteryx about millions of persons was left publicly exposed.

In October, UpGuard came across an Amazon Web Services S3 cloud storage bucket containing sensitive information.

The problem was that the default security settings allowed any AWS “Authenticated Users” to download data, as UpGuard explains.

In practical terms, an AWS “authenticated user” is “any user that has an Amazon AWS account,” a base that already numbers over a million users; registration for such an account is free. Simply put, one dummy sign-up for an AWS account, using a freshly created email address, is all that was necessary to gain access to this bucket’s contents.

While the folder does not contain any names, personal details such as addresses, phone numbers, hobbies, income and even mortgage information are indeed available, which makes it rather easy to identify the respective persons.

UpGuard researchers believe that the data actually comes from an Alteryx product.

The good news is that Alteryx already secured the database and is no longer available to the public.

Another wake-up call about privacy protection issues

Data privacy and security is one of the biggest problems in the IT industry. The entities handling sensitive personal information sometimes commit childish errors that leave millions exposed. Moreover, as UpGuard explains, most enterprises don’t even have the ability to assess the security strategies of external vendors.

[…] the concentration of publicly and commercially-gleaned data about tens of millions of American households, and the exposure of this data to anyone with a free AWS account entering a URL, shows just how devastating an exposure can be at an enormous scale. The data exposed in this bucket would be invaluable for unscrupulous marketers, spammers, and identity thieves, for whom this data would be largely reliable and, more importantly, varied. With a large database of potential victims to survey – with such details as “mortgage ownership” revealed, a common security verification question – the price could be far higher than merely bad publicity.

Taking into account this recent piece of news, check out the articles below to learn how you can protection personal information:

ncG1vNJzZmivmaOxsMPSq5ypp6Kpe6S7zGikmqujnsOmecOaq5plnJqurHnApaueqqmtfA%3D%3D