Unsecured Azure Blob leaks over 40K US students’ data

Digital Pix & Composites, a professional photography firm specializing in graduation, fraternity, and sorority composites, had personal information from 43,000 students from 222 universities across the U.S., including Stanford University, the University of Maryland, University of Texas, and Washington University, exposed as a result of a misconfigured Microsoft Azure Blob instance, according to Cybernews.

Discovered within the 469 text files found from the exposed online storage service were individuals' full names, addresses, attended schools, and affiliated fraternities or sororities, reported the Cybernews research team.

Digital Pix & Composites was already informed regarding the compromise but has not yet acted to secure the database, noted researchers, who emphasized that the exposed information could be leveraged by attackers to facilitate doxing, spear-phishing, and social-engineering attacks.

Organizations have been urged to mitigate compromise by tracking access logs for unauthorized access, ensuring updated Azure Blob permissions and access controls, omitting unneeded public access configurations, and bolstering logging and monitoring activities.