Commvault wades in as Veeam exposes 445M records

Commvault wades in as Veeam exposes 445M records

Error uncovered by security researcher Bob Diachenko

Ratmir Timashev (co-founder, Veeam)

Ratmir Timashev (co-founder, Veeam)

Credit: Veeam

News that Veeam left 445 million customer records on an open server from Amazon Web Services has created a feeding frenzy within the channel, spearheaded by industry rival Commvault.

The error was uncovered by security researcher Bob Diachenko, who found an exposed Veeam MongoDB containing 445 million records, equating to 200GB of data.

The exposed database contained information on marketing leads, including names and email addresses.

“Another week, another misconfigured MongoDB server incident,” wrote Diachenko, via social media. “This time, ironically, database appeared to be handled by Veeam, company that develops back-up, disaster recovery and intelligent data management software for virtual, physical and multi-cloud infrastructures.

"A 200-GB database included vast massives of data that is apparently used by Veeam marketing automation team to reach out to their customers using Marketo solution (Marketo is a software company focused on account-based marketing, including email, mobile, social, digital ads, web management, and analytics)."

After TechCrunch informed the vendor of the exposure, the publication said the server was "pulled offline within three hours”.

“The Veeam incident is unfortunate for a self-described intelligent data management company, but the reality is it could happen to any organisation,” said Chris Gondek, principal architect at Commvault.

“Rather than spread fear, uncertainty and doubt about a lack of capability, this incident should serve as a reminder to all organisations that data is an asset and a catalyst to many initiatives - and it must be protected.”

According to Gondek, all organisations must be prepared for data loss scenarios for "when, not if, it happens".

“Perimeter security is a prevention method, at best,” he added. “Organisations need a proper data protection plan, with particular focus around recovery readiness and disaster recovery.

“It’s also time organisations hold business vendors that deal in data to the same standards as you would financial institutions. Take data found in the cloud: there is a perception that the cloud is more secure; that they’re the specialists and your data is not at risk.

“At the end of the day, your organisation is responsible for your data and information, irrespective of where you place it.”

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags commvaultveeam



Tech industry comes out in force as Lancom turns 30

Tech industry comes out in force as Lancom turns 30

A host of leading vendors and customers came together to celebrate the birthday of Lancom Technology in New Zealand, as the technology provider turned 30.

Tech industry comes out in force as Lancom turns 30
The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Show Comments