House of Cards Publisher exposed thousands of sensitive files when their backup was left publicly available.
The Kromtech Security Center team has discovered a new data breach affecting Bell Lomax Moreton (BLM). The breach exposed a treasure trove of client information, revenue figures, royalties and more. Founded in 2000 by Eddie & June Bell, Pat Lomax and Paul Moreton, the Bell Lomax Agency is based in London; it is a small but prestigious literary agency representing a wide range of distinguished authors and illustrators of adult fiction, non-fiction and children’s books.
One of their most notable authors is Michael Dobbs, who not only wrote a series of novels about Winston Churchill but also wrote House of Cards. The novel became a hit American political drama in a Netflix series of the same name. Included in the backup is a “revised version” in a simple Word document.
The publisher accidentally exposed its backup device to the public internet. The rsync (remote synchronization) service was misconfigured with no access controls, which allowed anyone with internet access to see their most sensitive data. Kromtech researchers were able to access thousands of documents, including Bell Lomax Agency’s QuickBooks accounting files, archived email boxes, financial data, expenses, administrative details, royalties and client details for 2014-2015.
The Danger of Leaking Your Entire Business Online
Kromtech Security Center experts have issued several community warnings in the past about the dangers of running unprotected rsync services, but this problem still happens far too often.
Bob Diachenko, chief security communication officer at Kromtech Security Center:
This breach is once again another reminder that all companies who manage sensitive data must do more to protect their files, customers, or intellectual property stored online. There are serious potential threats from cyber criminals who can access sensitive data. These range from extortion to identity fraud, and other cyber crimes.
Researchers identified that the files were visible via open port 873, which allowed anyone with an internet connection to connect using a command-line utility. IT administrators can easily restrict who has permission or access, but far too often they leave the remote synchronization service unprotected or publicly reachable. It is imperative that companies and organizations, both large and small, have a security review process or cyber security audit in place to ensure security gaps are identified and closed immediately.
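As an added illustration of the access restrictions described above (example code written for this post, not Kromtech’s or the agency’s tooling), the following Python audits an rsyncd.conf and reports modules that lack `hosts allow`, lack `auth users` with a `secrets file`, are writable without authentication, or remain listable. The embedded sample configuration is constructed; its paths and client address are assumptions.

```python
import configparser

# Constructed sample rsyncd.conf (not the agency's real file): [backup] mirrors
# the exposure described above; [backup-hardened] adds the missing controls.
SAMPLE_RSYNCD_CONF = """\
[backup]
path = /srv/backup
read only = no

[backup-hardened]
path = /srv/backup
read only = no
list = no
auth users = backupuser
secrets file = /etc/rsyncd.secrets
hosts allow = 192.0.2.10
hosts deny = *
"""

def _enabled(value):
    """rsync accepts yes/true/1 for boolean parameters."""
    return value.strip().lower() in ("yes", "true", "1")

def audit_rsyncd(conf_text):
    """Return {module: [finding, ...]} for every module in an rsyncd.conf."""
    # rsyncd.conf is INI-like; parameters before the first [module] header
    # are global and inherited by every module, captured here as [__global__].
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string("[__global__]\n" + conf_text)
    global_opts = dict(parser["__global__"])
    findings = {}
    for module in parser.sections():
        if module == "__global__":
            continue
        opts = dict(global_opts)
        opts.update(parser[module])
        issues = []
        if not opts.get("auth users"):
            issues.append("no 'auth users': module is readable without a password")
            if not _enabled(opts.get("read only", "yes")):
                issues.append("'read only = no' without auth: anyone can alter the backups")
        elif not opts.get("secrets file"):
            issues.append("'auth users' set but no 'secrets file': no password can match")
        if not opts.get("hosts allow"):
            issues.append("no 'hosts allow': any source address may connect")
        if _enabled(opts.get("list", "yes")):
            issues.append("'list = yes' (the default): module name is enumerable")
        findings[module] = issues
    return findings
```

Run it against a real rsyncd.conf with `audit_rsyncd(open("/etc/rsyncd.conf").read())`; a module with an empty finding list has authentication, a client allow-list and listing disabled, which is the minimum to keep a backup share off the open internet.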
Alex Kernishniuk, VP of strategic alliances at Kromtech, commented on the breach:
There has never been a greater public awareness of data protection and it seems like almost daily there is yet another reminder. As the last few years have shown us, the threats only increase and security professionals must adapt fast to new emerging threats. Unlike the scripted drama in The House of Cards, the danger online is real. Misconfigured backups are a serious issue that could severely damage a company’s business, customers, employees or partners. If you or your company use an Rsync protocol, take the time to review the security configuration.
After Kromtech contacted the agency on August 29, the backup device was secured. Paul Moreton commented with the following statement:
We are grateful to Kromtech Security for pointing out a flaw in the security of our backup files. We recently moved to offsite backup but will now return to backing up onsite only. We have disabled the offsite backup with immediate effect.