
Database Security Digest – October 2018

Please take a look at the biggest database security incidents in October 2018.


A leading fitness software company may have exposed millions of its customers’ accounts containing personal information. That happened due to a failure to protect its cloud database.

Researchers say they found the exposed Elasticsearch database, hosted on AWS, using a very simple technique. The cloud store holds 119GB of data belonging to the FitMetrics company. The researchers also found a ransom note attached to the database, though it seems that the hacking attempts were unsuccessful. Even so, the database was left exposed and unprotected. The exposed data included name, gender, email address, birth date, home and work phone, height, weight and much more. The number of affected records is in the millions. The company secured the database again five days later.

Cathay Pacific

One more airline, namely Cathay Pacific, has fallen prey to a major data breach. It has been reported that data on 9.4 million passengers may have been stolen. The airline declared that it had found traces of unauthorized access to its IT system containing a lot of sensitive personal information, mostly of its customers.

The exposed personal data includes the following: passenger name; nationality; date of birth; phone number; email; address; passport number; frequent flyer programme membership number; customer service remarks and historic travel information. The airline says that no bank card information has been leaked. It is not yet known how the attack was carried out, but the company is contacting all the affected passengers and providing them with information on steps they can take to protect themselves.

IT security experts say that after one successful hacking attack there will be more attempts to hack the system, and they may succeed again.

Pocket iNet

The cyber-risk team UpGuard found an AWS S3 server exposed online. The server belongs to the Washington State internet provider Pocket iNet. The company left its server without any password and virtually anyone could see what’s inside their databases. The exposed information included 73 gigabytes of downloaded data. The data included passwords and other sensitive information, ranging from spreadsheets to pictures and diagrams. It took Pocket iNet about a week to secure the exposed data.

Internet service providers are part of US Critical Infrastructure and are therefore of special interest to adversarial nation-state threat groups. An AWS misconfiguration at Pocket iNet is reported to be the reason for this data exposure. Unfortunately, AWS misconfiguration is not uncommon, and it doesn’t depend on the size of a company.

Security updates for databases


MS SQL Server

Amazon Athena

Google Cloud SQL

Apache Impala


Apache Hive

