Internet Society members' data exposed in breach
The Internet Society (ISOC) is one of the oldest and most important international non-profit organizations related to the internet, but that doesn't make it immune to problems. It was revealed today that ISOC members' details have been exposed in a data security breach.
Independent cybersecurity researcher Bob Diachenko, in collaboration with cybersecurity company Clario, discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details of ISOC members.
As soon as the sensitivity of the data and the owner of the repository were confirmed, an email alert was sent to ISOC, and on December 15th 2021 the repository was secured.
The ISOC responded to the alert:
I wanted to let you know that the active investigation into this issue has now concluded. We have confirmed that the association management system we use was configured incorrectly by MemberNova, which made some Internet Society member data publicly accessible. Fortunately, we have not seen any instances of malicious access to member data as a result of this issue.
We notified all our members about this matter before the holidays and worked with MemberNova to correct the configuration issue and restore the system to normal operations. We have also just let our members know that the investigation has wrapped up.
Thank you again for bringing this issue to our attention as your notice allowed us to quickly resolve the situation.
This is embarrassing for the ISOC as an organization that works in the online world and is viewed as an upholder of standards and best practice. The breach suggests the ISOC needs to do more to enhance its security infrastructure and adhere to the best practices it champions around making the internet stronger and more secure.
You can read more about the breach, along with advice on what to do if you think your data may have been compromised, on the Clario blog.