RigUp data breach: 76,000 files exposed

vpnMentor recently reported a serious data breach, RigUp data was found in the Amazon Web Services (AWS) S3 bucket that exposed tens of thousands of private documents of American energy industry organizations and individuals.

It is reported that American software company RigUp was established in 2014 as a labor market and service provider for the US energy industry. It is a software company that links independent contractors with companies across the United States and has been promoting resource integration in the energy industry.

vpnMentor reported that the discovered database contained more than 76,000 confidential documents related to companies and individuals using the platform, and the size of the leaked database exceeded 100GB, which contained data stored between July 2018 and March 2020.

It is understood that some of the leaked documents are also related to human resources in the energy industry, including a large amount of personally identifiable information, such as employee and candidate resumes, personal photos, insurance policies, and paperwork related to energy plans and IDs. At the same time, the database also includes business operations, projects, and internal records of many energy companies, including project proposals and applications, project outlines, technical drawings for drilling equipment, and company insurance documents.

Regarding this serious data breach, vpnMentor said that the data currently leaked is very dangerous. If a hacker discovers the database, then for the hacker, the data is definitely a “gold mine” for launching cyber attacks on the energy industry. The security company also pointed out that the root cause of this problem is that RigUp does not fully protect the security of the database, which exposes a large amount of confidential information.

After receiving an alert about the incident, RigUp stated that such vulnerabilities are almost related to human error. Either the data management personnel did not follow the documentation or the security personnel failed to perform important security steps in the deployment process. Therefore, to deal with such incidents still needs to continuously improve people’s awareness of the risks associated with cybersecurity, and remain vigilant when it comes to human actions.