 Channel Futures

MSSP Insider



Breach of Clearview AI Server Exposed Source Code, Secret Keys and More

  • Written by Pam Baker
  • April 20, 2020
Caused by a misconfigured server, the security lapse is Clearview’s second in two months.

A massive data breach of the Clearview AI server exposed source code, secret keys and pre-released developer versions of its apps. Clearview is a U.S. facial recognition firm serving U.S. law enforcement agencies and other organizations. The breach was reported in February. Clearview said at the time that although data had been accessed by unauthorized persons, its servers remained secure and its systems and network were not compromised. But now a compromised server has been found, and it exposed massive amounts of information.

SpiderSilk, a Dubai-based cybersecurity firm, found a misconfigured server belonging to Clearview AI “exposed Clearview’s internal files, secret keys and credentials, apps, source code and employee messages.”


“Clearview AI’s latest security incident follows shortly after a data breach that compromised the company’s client list. This time around, a misconfigured setting in Clearview’s password-protected server allowed attackers to bypass authentication methods and gain access to the company’s most sensitive internal files such as its source code, employees’ private messages and cloud storage buckets that hold copies of finished and pre-released developer versions of its app,” said Anurag Kahol, CTO at Bitglass.

The company has come under fire over privacy concerns. It collects images from social media public profiles, usually without users’ or social media companies’ consent. Initially the company said it served only U.S. law enforcement, but several reports have come out since then naming private companies on the company’s client list.


“Clearview AI has gained a lot of attention not only from critics who are concerned about the privacy implications of its facial recognition technology, but also from hackers. Regardless of your personal feelings about the company, Clearview’s second security lapse in just two months demonstrates how common misconfigurations are when companies lack proper cloud security strategies, and how easily threat actors can exploit these vulnerabilities,” said Chris DeRamus, CTO of DivvyCloud.

DivvyCloud’s latest report found that the number of records exposed by misconfigurations rose by 80% from 2018 to 2019. Further, the researchers reported that more than 33 billion records were exposed this way over the last two years.

“Bad actors could steal the exposed information for a competing company or leverage the secret keys and credentials to gain access to even more private information — as people commonly reuse their passwords across multiple accounts,” said Kahol.

But this Clearview AI incident comes with a wicked twist.

“Usually, when we talk about breaches and cloud misconfigurations, it’s customer or employee data that is at risk, but this is an example of a security incident that is putting a company’s intellectual property at risk,” said Kahol.

But with every breach come lessons learned for security partners. Savvy MSSPs take note and adjust their services to better protect their clients.

“This particular misconfiguration incident highlights the need for enterprises to adopt least-privileged access across cloud environments, including a robust approach to identity and access management (IAM). In these environments, everything has an identity — users, applications, services, and systems,” said DeRamus.

“Organizations must implement multifactor authentication (MFA) for all users, securely manage service accounts and their corresponding keys, enforce least-privileged access, and enforce best practices for the use of audit logs and cloud logging roles,” DeRamus added.
