State agency exposes 3TB of data, including FBI info and remote logins
Oklahoma’s Department of Securities (ODS) exposed three terabytes of files in plain text on the public internet this month. The files contained sensitive data including social security numbers, details of FBI investigations, credentials for remote access to computers, and the names of AIDS patients.
Researchers at security company UpGuard found the files using the Shodan search engine, which indexes internet-connected devices. In this case, they ran across an unsecured rsync server registered to ODS.
Rsync is a utility commonly found on Unix and Linux systems that enables administrators to synchronize files between different computers. It is used for ‘delta’ syncing, in which one computer copies to another only the parts of files that have changed, so that both computers maintain identical copies of the files in different locations.
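The article does not say how the ODS server was misconfigured. As an added example (not from the article, UpGuard or ODS), the sketch below audits an rsync daemon configuration for the settings that typically leave a module open: no `auth users`, no `hosts allow`, and `read only = no`. The sample config, module names and paths are constructed for illustration.

```python
import re

# Constructed sample rsyncd.conf (not from the incident): one open module, one restricted.
SAMPLE_CONF = """\
use chroot = yes

[backups]
    path = /srv/backups
    read only = no

[mirror]
    path = /srv/mirror
    auth users = syncuser
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
"""

# Each check: (predicate over a module's effective parameters, finding text).
CHECKS = [
    (lambda p: not p.get("authusers"), "no 'auth users': anonymous access allowed"),
    (lambda p: not p.get("hostsallow"), "no 'hosts allow': reachable from any address"),
    (lambda p: p.get("readonly", "yes").lower() in ("no", "false", "0"),
     "'read only = no': clients can upload"),
]

def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params}) from rsyncd.conf text."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())  # rsync ignores case and whitespace in names
            (global_params if current is None else current)[key] = value.strip()
    return global_params, modules

def audit(text):
    """Map each module to its findings; global parameters act as module defaults."""
    global_params, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        effective = {**global_params, **params}
        report[name] = [msg for failed, msg in CHECKS if failed(effective)]
    return {name: issues for name, issues in report.items() if issues}
```

Calling `audit(SAMPLE_CONF)` reports only the `backups` module. The parser does not handle backslash line continuations, so join continued lines before auditing a real file.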