Fasten Database Error Exposed One Million Customers

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
A popular US ride-hailing service has become the latest firm to publicly expose customer details after researchers found data on an estimated one million users of the service and thousands of drivers.

The privacy snafu came as a result of a misconfigured Apache Hive database at Uber-like company Fasten, which had been left open for end-user access, according to the Kromtech Security Center’s Bob Diachenko.

The exposed data apparently included names, email addresses, phone numbers, links to photos, IMEI numbers, car registration and license plate details, as well as notes on drivers.

Fasten appears to have reacted quickly to the incident, taking the database offline shortly after being informed.
Head of corporate comms, Jennifer Borgan, explained that the database in question was created on October 11 but the sensitive data was uploaded by a developer several days later.

"We can confirm it was exposed for a total period of 48 hours prior to deletion”, she told Kromtech.

"We have already taken steps to update our security protocols to ensure this does not happen again. In this instance, old production data was uploaded to the test cluster by mistake. Going forward, these processes will be managed only by security engineers with specific expertise in this area."

Fasten operates in two US cities — Austin and Boston — and apparently claims that 50% of Boston’s rides-haring drivers and 90% of those in Austin use their service.

It follows a series of previous revelations from Kromtech and others about misconfigured cloud databases.

It’s believed that as many as four million Time Warner customers had their details exposed in this way, after a discovery by Kromtech back in September.

However, that pales in comparison to Tarte Cosmetics, where a misconfigured database exposed the details to ransom specialist group CRU3LTY.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top