Researchers at Kromtech Security discovered a Weight Watchers Kubernetes server earlier this month that was publicly accessible on the internet and did not have any password protection. The result was that many of the company’s AWS S3 buckets and access keys were exposed.
Bleeping Computer reported the incident on Monday June 11, 2018.
While Weight Watchers claims that no customer information was exposed and that its infrastructure was not compromised, the incident highlights that an adversary only has to be right once: find a single flaw in your infrastructure and they can wreak havoc on your organization. As a business leader, your organization has to be right 100% of the time. That is a difficult standard to meet, but it is still important to understand that you must at least do the basics to keep your network secure and avoid exposing customer data:
- Secure servers with strong passwords
- Monitor all servers that are publicly exposed on the Internet
- Have a compliance policy in place and strongly enforce it, both in code and in procedures
If you need help with any of these initiatives, InVault is here to help. Contact us today for your free security risk assessment!