An Indian-based online documents verification platform called MyEasyDocs has exposed the data of more than 57,000 students on a Microsoft Azure server.
Based on a report, a cybersecurity researcher spotted a misconfigured Microsoft Azure server that exposed the educational and personal records of hundreds and thousands of students from Israel and India.
MyEasyDocs own the exposed server. It is an online data verification platform in Chennai, India, that specialises in verifying and confirming relevant documents to government institutions, law enforcement agencies, banking, colleges, and universities.
MyEasyDocs has left the MS Azure server without any security.
The platform requires users to submit their records via MyEasyDocs software, which are then uploaded to the company’s cloud server to verify. In this issue, a Microsoft Azure server was exposed without laid security authentication, meaning the data was accessible to those competent enough to reach it.
Moreover, any individual with a background in searching unsecured databases on Shodan and other platforms could have full access to the leaked data. The leaked data reached about 30.5 gigabytes of files owned by more than 50,000 Indian and Israeli students.
After the researchers analysed the stockpile of data, they identified the records such as full names, subject majors, grades, phone numbers, email addresses, graduation dates, national ID, and college registration numbers.
Everyone can compare the severity of the poorly configured and exposed databases to the earlier issue where the Anonymous hacktivist group compromised about 90% of Russian cloud databases that were exposed to the public without passwords or security authentication.
The data breach situation can have a massive impact on every user that has used their platform. Malicious threat actors could have downloaded the exposed data, which they can use to operate illegal activities such as phishing, identity theft, marketing campaigns, and education-related fraud.
There will also be a possibility of falsifying university records, passing grades, and certificates. This current data leak can be a starting point for every malicious entity taking advantage of the exposed data.
