Subject: Abbyy fine reader not only OCRs your document
From: anon
Newsgroups: rocksolid.shared.security
Organization: def4
Date: Thu, 30 Aug 2018 03:42 UTC
Message-ID: <8346111cdfa3c7f798d6e85adeccae57@def4.com>
...but it also displays it for the whole world to see:

https://www.bleepingcomputer.com/news/security/ocr-software-dev-exposes-200-000-customer-documents/

A misconfigured MongoDB server belonging to Abbyy, an optical character recognition software developer, allowed public access to customer files.

Independent security researcher Bob Diachenko discovered the database on August 19 hosted on the Amazon Web Services (AWS) cloud platform. It was 142GB in size and it allowed access without the need to log in.

The sizeable database included scanned documents of the sensitive kind: contracts, non-disclosure agreements, internal letters, and memos. Included were more than 200,000 files from Abbyy customers who scanned the data and kept it at the ready in the cloud.

"Some collection names like 'documentRecognition,' or 'documentXML' hinted that database would be part of a data recognition company infrastructure," Diachenko writes in a blog post today.

Evidence that the database belonged to Abbyy came from another collection of documents that contained usernames under the form of corporate email addresses, and encrypted passwords.

Diachenko says that two days after his notification, the security team at Abbyy disabled access to the information trove. The duration of the exposure is unclear, but it is not far-fetched to assume that data has already been accessed by unauthorized individuals. Such a finding could be worth a lot of money.

In fact, following the disclosure, Diachenko received the following statement from the company informing him that a data breach had affected one of its customers but declined to disclose the name of the party.

Abbyy's customer portfolio counts high-profile names from various sectors. Volkswagen, Deloitte, PwC, PepsiCo, Sberbank, McDonald's are just a few of Abbyy's clients.

Data exposure and leak incidents involving an insufficiently secured MongoDB server are not new, some of them impacting millions of individuals, and ending in ransom demands.

The most recent incident was reported last week and exposed data of 93,000 users of the popular app Sitter, which connects babysitters with parents.

Posted on def4.i2p


Subject: Re: Abbyy fine reader not only OCRs your document
From: AnonUser
Newsgroups: rocksolid.shared.security
Organization: Rocksolid Light
Date: Thu, 30 Aug 2018 06:46 UTC
References: 1
Message-ID: <8f240e73ccd1e1c0333da66b952fdfd4$1@rslight.novabbs.com>
References: <8346111cdfa3c7f798d6e85adeccae57@def4.com>
Sounds like they might be losing some big customers. I've never trusted cloud services with my data, and it seems I won't be doing so anytime soon.

Posted on Rocksolid Light.




Subject: Re: Abbyy fine reader not only OCRs your document
From: anon
Newsgroups: rocksolid.shared.security
Organization: def4
Date: Thu, 30 Aug 2018 19:39 UTC
References: 1
Message-ID: <bcc3aa319e579d3a8168d714acf42192@def4.com>
In-Reply-To: <8f240e73ccd1e1c0333da66b952fdfd4$1@rslight.novabbs.com>
References: <8f240e73ccd1e1c0333da66b952fdfd4$1@rslight.novabbs.com>
case in point:
https://motherboard.vice.com/en_us/article/ywk8gy/spyware-family-orbit-children-photos-data-breach

281 Gb of pictures for the taking.

Posted on def4.i2p

