2.7 million private Swedish medical calls found exposed online
https://www.bbc.com/news/technology-47292887
"Some 2.7 million conversations dating back to 2013 were uncovered by technology news site Computer Sweden on an unencrypted web server."
"We were absolutely astounded by what we found on there. People talking about their symptoms, diseases, their kids' illnesses, giving out their social security numbers. This data is as private as it gets," explained Marcus Jerrang, editor-in-chief at Computer Sweden.
Saw this in the Swedish news earlier.
All call logs got saved on a completely unsecured network cloud drive that was exposed to the internet.
It only affects parts of the country as well as only part of the calls made there. It's one of the subcontracted companies handling the calls out of many.
24 TB of audio recordings hosted on a publicly available NAS device. For some reason the web access used port 443, but the connection was insecure.
This smells of a hack-job done by some subcontractor technician.
They use a call-center service in the cloud. The NAS had a URL that belonged to the call-center service's sister company.
Basically subcontractor to subcontractor to subcontractor to subcontractor.
Stuff like this is insane. Like, how the fuck can any self-respecting IT crew look at something that requires this amount of effort to set up, and handles extremely sensitive and personal information, and then not put ANY security on it, AND connect it to the regular web????
You'll get wondrous results when you pass the responsibility through enough hands
The doctor is in the jail.