A Misconfigured IT Setting - A Common Data Security Mistake That Is Repeated Again and Again


White Hat Security explained a misconfigured IT setting as follows:

Many servers come with unnecessary default and sample files, including applications, configuration files, scripts, and webpages. They may also have unnecessary services enabled, such as content management and remote administration functionality. Debugging functions may be enabled or administrative functions may be accessible to anonymous users. Servers may include well-known default accounts and passwords. Failure to fully lock down or harden the server can leave improperly set file and directory permissions.
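As an added illustration (not code from White Hat Security or from the original page), the following sketch audits a directory tree for three of the conditions described above: leftover default or sample files, world-writable entries, and config or backup files readable by every local user. The name list, suffix list, and demo tree are assumptions constructed for this example.

```python
import os
import stat
import tempfile

# Assumed names of leftover default/sample content; adjust for your stack.
SAMPLE_NAMES = {"phpinfo.php", "test.php", "examples", "samples", "readme.html"}
# Assumed suffixes for config and backup files that should not be broadly readable.
SENSITIVE_SUFFIXES = (".conf", ".ini", ".env", ".bak", ".old")

def audit_tree(root):
    """Return sorted (relative_path, issue) findings for one directory tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink mode bits say nothing about the target
            rel = os.path.relpath(path, root)
            lower = name.lower()
            if lower in SAMPLE_NAMES:
                findings.append((rel, "default or sample content"))
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if (stat.S_ISREG(mode) and lower.endswith(SENSITIVE_SUFFIXES)
                    and mode & stat.S_IROTH):
                findings.append((rel, "config or backup readable by all users"))
    return sorted(findings)

def build_demo_tree(root):
    """Create a small constructed web root with known-good and known-bad entries."""
    files = {"index.html": 0o644, "phpinfo.php": 0o644,
             "config.bak": 0o644, "settings.conf": 0o640}
    for name, mode in files.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for rel, issue in audit_tree(demo_root):
            print(f"{rel}: {issue}")
```

Run against a real web root, each finding is a prompt for review rather than proof of a problem; an upload directory, for example, may need write access for the service account but rarely for all users.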

In a recent breach in the US, a clearinghouse and cloud software services provider based in Puerto Rico reported that, due to a misconfiguration, an "unauthorized access/disclosure" breach occurred that involved a network server and impacted 1.56 million individuals.


It appears that these types of mishaps are becoming increasingly common. Some experts claimed that because today's technology is becoming more and more complex, and also quicker and easier to deploy, it creates an environment in which it is very easy to quickly deploy an improperly and/or insecurely configured solution.


In the above case, the company apparently did not report the breach. Authorities only learned of the breach when they received several consumer complaints about receiving multiple letters from the organisation, including some letters misaddressed to other people.