Atlassian password breach due to forgotten database

The recent database breach that exposed passwords that hit software development tool maker Atlassian was, due, in their words to an old database table that “was not taken offline or deleted, and it is this database table that we believe could have been exposed during the breach.”

Amichai Shulman, Imperva’s CTO explains, “This is an example of a database that was forgotten and left unprotected—something that happens more frequently that most would prefer to admit. In this case, the database contained sensitive information, but once it wasn’t used as a production system it was forgotten. Unmanaged systems put sensitive data residing on them at a high risk - unmanaged systems are the top targeted systems.”

“In order to protect sensitive data, organizations must ensure that ALL their databases are managed and under control,” recommended Shulman. “It is imperative that organizations scan their networks to discover databases, including unmanaged databases, and follow with data discovery and classification which provides the needed awareness. Access to databases hosting sensitive data should be tightly controlled and the data must be protected from both external threats (hackers) and malicious insiders.”

Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit www.imperva.com.

Source: Eskenzi PR