Research reveals a 50% increase in exposed data in the past year

According to digital risk specialist Digital Shadows a total of 2.3 billion files have been exposed online due to the misconfiguration of commonly used file storage technologies.

The 2.3 billion files represents a massive jump of more than 750 million files since the same study was conducted in 2018. In its report “Too Much Information: The Sequel”, out of the 2.3 billion files exposed, 98 million of those are in the UK.

It was revealed that almost half of the files  (1.071 billion) were exposed via the Server Message Block (SMB) protocol, whilst other misconfigured technologies included FTP services (20%), rsync (16%), Amazon S3 ‘buckets (8%) and network storage devices (3%).

However on a good note, the overall exposure of S3 buckets have fallen significantly since Amazon introduced the new feature “Block Public Access” in November 2018. The report revealed that in October 2018, 16 million files were being exposed in comparison to now where less than 2,000 files are exposed.

The exposed files included everything a hacker would need to commit identity theft such as passport scans, financial information, medical records and business information. Thus consumers are at more of a risk of identity theft and ransomware attacks, whilst organisations are at risk of GDPR punishments. 

Harrison Van Riper, an analyst at Digital Shadows’ wrote:

“Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant.”

Countries within the European Union are collectively exposing over one billion files – nearly 50 percent of the total we looked at globally – some 262 million more than when we looked at last year. Some of the data exposure is inexcusable – Microsoft has not supported SMBv1 since 2014, yet many companies still use it. We urge all organizations to regularly audit the configuration of their public facing services.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/