Veeam has apologised for exposing 445 million customer records on an open server from Amazon Web Services, blaming the leak on “human error”.
As reported by Channel Asia, the error was uncovered by security researcher Bob Diachenko, who found an exposed Veeam MongoDB containing 445 million records, equating to 200GB of data.
The exposed database contained information on marketing leads, including names and email addresses.
With the dust now settling, the back-up and disaster recovery vendor has informed both partners and customers that the leak was due to “human error”, according to a statement attributed by co-CEO Peter McKay.
“As soon as we validated the issue, we quickly secured that database,” a company email stated. “Once secured, we launched a full investigation into the scope of the incident, and took corrective measures to reduce the risk of future such incidents.
“The exposed database contained non-sensitive marketing records, such as names and email addresses, and in some instances IP addresses. It is possible that this information was visible to an outside third party for a limited time.”
According to McKay, upon validating the incident, the vendor “moved quickly” to ensure the database was “properly secured” and to limit any further exposure.
“We are now actively investigating the matter to ensure that it does not happen again,” McKay wrote.
“As a company, we value honesty and openness, which is why I wanted to personally assure you that steps have been taken to prevent a similar issue from occurring in the future.”