SOS Online Backup breach exposes 135 million customer records

This massive breach could have legal ramifications for this industry-leading provider

VpnMentor has discovered a breached database belonging to cloud backup provider SOS Online Backup, said to contain data relating to around 135 million customer records. 

The research team was able to access the breached database because it was left completely unsecured and unencrypted, described as a serious lapse in data security by an industry-leading provider.

The exposed database is said to have amounted to nearly 70GB of metadata relating to user accounts. This breach included structural, reference, descriptive and administrative metadata. The database also contained customers’ personal information, including full names, contact details and usernames.

VpnMentor discovered the breach in November 2019, and its research team analyzed it on December 9th. The team contacted SOS Online Backup the next day, and the company closed the breach in mid-December.

By exposing such a vast amount of metadata and user information, SOS Online Backup has made itself and its customers vulnerable to malicious attacks and fraud. In the report, the research team warned this database "could have been a goldmine for cybercriminals and malicious hackers, with access to cloud storage highly sought after in the online criminal underworld."

There is also the potential SOS Online Backup will face legal action from governments and regulatory bodies in the countries it operates. For instance, California, where the company is based, passed the California Consumer Privacy Act, which may come in to play as this situation develops.

Related Resource

How enterprises are embracing cyber security challenges

Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation

Download now

Based in the U.S., SOS Online Backup offers personal and business packages to customers around the world. The company has emphasized it is able to provide customers with 100% data privacy, safety and security across all devices. After a massive data breach like this, such a claim may no longer ring true.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021