Millions of Internet Society personal files exposed in data leak

Windows security
(Image credit: REDPIXEL.PL / Shutterstock)

Cybersecurity researchers discovered an unprotected Microsoft Azure Blob storage containing millions of files with personal and login details belonging to Internet Society (ISOC) members. The exposed information contained included names, addresses, social media account information, passwords and more.

As reported by cybersecurity researcher Bob Diachenko, the data leak was due to an association management system being "configured incorrectly," leading to a Microsoft Azure Blob repository being open to the public for an undefined period of time. The cloud-based computing service had millions of JSON files that cybercriminals could have used for phishing attacks or identity fraud. 

ISOC, a global non-profit organization that aims to make the internet more accessible for all and to ensure open internet development, discovered the leak on December 8, 2021. However, the issue has been resolved, with ISOC releasing a statement on the matter:

"I wanted to let you know that the active investigation into this issue has now concluded," ISOC stated. "We have confirmed that the association management system we use was configured incorrectly by MemberNova, which made some Internet Society member data publicly accessible. Fortunately, we have not seen any instances of malicious access to member data as a result of this issue."

Exposed JSON files (Image credit: Lightspeed PR)

ISOC added: "We notified all our members about this matter before the holidays and worked with MemberNova to correct the configuration issue and restore the system to normal operations."

While no data has been used for malicious reasons, the leak could have led to scammers targetting ISOC members and using their email address, name or password to trick them into gaining access to financial information. Plus, with their personal details, threat actors could also impersonate ISOC members to commit fraud or identity theft in their name.

Back in October, a Twitch hack also exposed user and company data. It's a good idea to keep your account secured with extra security precautions, and one of the best password managers and best authenticators apps can help keep your personal information private. 

Darragh Murphy

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.