Back up a minute: Veeam database config snafu exposed millions of customer records

A misconfigured server at data recovery and backup firm Veeam exposed millions of email addresses. Security researcher Bob Diachenko discovered the 200GB cache of email addresses, names and …

  1. deadlockvictim Silver badge

    oooops.

    oooops.

    1. GnuTzu Silver badge
      Thumb Down

      Re: oooops. -- "prospect"

      "...non-sensitive records (i.e. prospect email addresses)"

      Like your competitors would never want to snoop your prospects and you would be happy to share...

      ...and your prospects would somehow want to be on spam lists?

      Come on; this might not be the most sensitive stuff; but relatively speaking, most data exists because it has some value--and therefore, some sensitivity.

      Proper risk assessment means identifying your data assets and determining their value if lost or compromised. And, if you think that's "non-sensitive", then you probably haven't identified and assessed any of your data assets--which is sadly typical of many businesses.

  2. Jay Lenovo

    Until the next flaw is found

    "We have now ensured that ALL Veeam databases are secure."

    "ALL" is a pretty big word, considering an investigation is still taking place.

  3. Doctor Syntax Silver badge

    Assuming they have EU resident data subjects in there, have they notified a European regulator? If not, this would be a case for a fine big enough to discourage others from not doing so.

  4. munchbunch65

    Are they..

    Backing up British Airways?

    A data company that overlooks the basics..

    1. Amos1

      Re: Are they..

      Anybody want to wager on whether the security people at British Airways suddenly lost interest in their work when they learned BA was talking to IBM about taking everything over? Particularly with IBM's reputation for massive layoffs?

      1. Secta_Protecta

        Re: Are they..

        And ruining formerly reasonable workplaces ;)

  5. chivo243 Silver badge
    Holmes

    e-mails vs. user base

    Sure I can see the discrepancy. I know there are multiple addresses registered for our office. I'm fiddling with the free version on the side, with my own login and another e-mail address. How many events did Veeam give away swag for registering for their newsletter...

  6. Anonymous Coward

    GDPR Fine

    How does the GDPR fine work when a non-EU company does not publish annual revenue?

  7. Andy Humphreys

    Off to the Cloud...

    Do they recall writing this I wonder..?

    https://www.veeam.com/blog/cloud-backup-security-concerns.html

  8. Anonymous Coward
    Facepalm

    Cloud backup security concerns.

    How about getting someone to write a script that periodically tests your cloud infrastructure for potential leaks and sends an email or text msg to someone who will notice?

  9. Potemkine!

    Got a mail today:

    "The exposed database contained non-sensitive marketing records, such as name and email address, and in some instances IP addresses"

    WTF! These data are sensitive to me, and that's all that matters, they are my data FFS.

    Marketing bastards.
