{"id":5397,"date":"2021-06-17T10:03:07","date_gmt":"2021-06-17T14:03:07","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=5397"},"modified":"2021-06-18T09:10:36","modified_gmt":"2021-06-18T13:10:36","slug":"cvs-database-containing-over-1-billion-records-exposed","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/","title":{"rendered":"CVS Database Containing Over 1 Billion Records Exposed"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4581\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\" alt=\"CVS Database Containing Over 1 Billion Records Exposed\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><b><i>Security researchers discovered a CVS database containing 1.1 billion records exposed online. The database did not require any form of authentication or <a href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\">access management security<\/a>.\u00a0<\/i><\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">WebsitePlanet and security researcher Jeremiah Fowler <a href=\"https:\/\/www.websiteplanet.com\/blog\/cvs-health-leak-report\/\" target=\"_blank\" rel=\"noopener\">originally discovered<\/a> and reported on the leak. While the CVS database did not contain sensitive information, it did contain visitor IDs, session IDs, device information, email addresses, and search queries. Among these search queries on CVS.com and CVSHealth.com, customers sought information on medications and COVID-19 vaccines. The potential for abuse by phishers is obvious.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">A third party was responsible for the dataset and the exposure; CVS immediately closed the database when informed of it by WebsitePlanet.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We consulted with <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\">cybersecurity<\/a><\/strong><\/span> experts on this data exposure. Here\u2019s what they had to say.\u00a0<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" alt=\"IAM Solution Suggestion Engine\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<h2 style=\"text-align: justify\"><b>CVS Database Containing Over 1 Billion Records Exposed<\/b><\/h2>\n<h3 style=\"text-align: justify\"><b>Jasen Meece<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Jasen Meece is CEO of <\/span><\/i><a href=\"https:\/\/cloudentity.com\/\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400\">Cloudentity<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Unfortunately, this isn\u2019t the first time a misconfiguration has exposed massive amounts of data online without any password protection or authentication controls in place. To prevent misconfigurations, organizations must implement identity and access management (IAM) controls on their databases and all other resources within their network to ensure every point of entry is secured. Additionally, they must follow a Zero Trust approach to confirm every user is continuously authorized based on context (who, what, where, when, etc.) before obtaining access to the system. Enabling these proactive measures can ensure all corporate and customer data is secure and safe from the hands of cyber-criminals.<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>David Pickett<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">David Pickett is a Senior Cybersecurity Analyst at <\/span><\/i><a href=\"https:\/\/zix.com\/\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400\">Zix I AppRiver<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.\u00a0\u00a0\u00a0<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">&#8220;The exposure of over a billion records belonging to CVS Health highlights the importance of protecting sensitive customer information as well as ensuring your organization and any third-party vendors who have been brought on to help with security and cloud migration have proper security measures in place. Companies that house personal information for millions of customers need to reflect on their current password practices and ensure they are building the safest habits to protect their companies and customers from cyber-criminals. In this case, the database was not protected by a password and had no authentication requirements. Implementing two-factor authentication (2FA) or a multi-factor authentication (MFA) protection approach provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user&#8217;s phone, email address or through an authenticator app, after entering their username and password. It\u2019s getting easier for cyber-criminals to breach even the most complex password, which is why implementing 2FA is critical. Another component to be mindful of when working with third-party vendors that have access to company data is reviewing and understanding what the vendor agreement encompasses for security practices. These solutions will help to prevent companies from becoming another statistic in a long list of companies who have had data exposed online.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Pravin Rasiah<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Pravin Rasiah is VP of Product of <\/span><\/i><a href=\"https:\/\/cloudsphere.com\/\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400\">CloudSphere<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cHealthcare systems, entrusted with large amounts of information, must be hypervigilant in protecting all of the data they collect. Patient records, visitor sessions, and logging information are all at risk. Leaving a database exposed without a password or authentication to prevent unauthorized entry is a surefire way to put this highly sensitive data in jeopardy. The complexity of cloud platforms means that without proper awareness of user access, any gap in security could leave the door open for cyber-criminals to infiltrate. To ensure data remains secure, a governance platform with the ability to provide real-time updates within the cloud landscape is vital. With holistic visibility into complex deployments, user access, and security guardrails in place to identify and remediate potential misconfigurations, healthcare organizations can properly secure and protect their patients\u2019 information.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><div class=\"hr hr\"><\/div><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Thanks to these experts for their time and expertise on the CVS database exposure. For more on how to secure your enterprise, check out the <a href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline\"><strong>Solutions Suggestion Engine<\/strong><\/span><\/a> or the <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\">Identity Management Buyer\u2019s Guide<\/a><\/strong><\/span>.\u00a0<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" alt=\"IAM Solution Suggestion Engine\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers discovered a CVS database containing 1.1 billion records exposed online. The database did not require any form of authentication or access management security.\u00a0 WebsitePlanet and security researcher Jeremiah Fowler originally discovered and reported on the leak. While the CVS database did not contain sensitive information, it did contain visitor IDs, session IDs, device [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4581,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,125,1013,1713,1714,1715,16,112,1204,76,425,1680],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CVS Database Containing Over 1 Billion Records Exposed<\/title>\n<meta name=\"description\" content=\"Security researchers discovered a CVS database containing 1.1 billion records exposed online. The database did not require any form of authentication.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/\",\"name\":\"CVS Database Containing Over 1 Billion Records Exposed\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"datePublished\":\"2021-06-17T14:03:07+00:00\",\"dateModified\":\"2021-06-18T13:10:36+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Security researchers discovered a CVS database containing 1.1 billion records exposed online. The database did not require any form of authentication.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"CVS Database Containing Over 1 Billion Records Exposed\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVS Database Containing Over 1 Billion Records Exposed\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVS Database Containing Over 1 Billion Records Exposed","description":"Security researchers discovered a CVS database containing 1.1 billion records exposed online. The database did not require any form of authentication.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/","url":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/","name":"CVS Database Containing Over 1 Billion Records Exposed","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","datePublished":"2021-06-17T14:03:07+00:00","dateModified":"2021-06-18T13:10:36+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Security researchers discovered a CVS database containing 1.1 billion records exposed online. The database did not require any form of authentication.\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","width":800,"height":400,"caption":"CVS Database Containing Over 1 Billion Records Exposed"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/cvs-database-containing-over-1-billion-records-exposed\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"CVS Database Containing Over 1 Billion Records Exposed"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5397"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=5397"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5397\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4581"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=5397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=5397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=5397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}