Internet Society says member data exposed in Azure breach

ComputerWeekly reports that more than 80,000 members of the nonprofit organization The Internet Society had their personal data exposed following a breach of data available in an insecure Microsoft Azure cloud repository, which contained millions of JSON files, including full names, mailing and email addresses, and credentials, according to a Clario report done in collaboration with independent security researcher Bob Diachenko. ISOC said it secured the compromised repository on December 15, a week after being informed by Clario, though it conceded that "based on the size and nature of the exposed repository, we can assume that all of the members' login and adjacent information was open to the public internet for an undefined period of time." ISOC has attributed the compromise to a third-party vendor, which failed to properly configure the nonprofit's association management system. "Fortunately, we have not seen any instances of malicious access to member data as a result of this issue," ISOC added. Meanwhile, researchers said that the incident should prompt more robust security at ISOC. "The breach suggests ISOC needs to do more to enhance [its] security infrastructure and adhere to the best practices they champion around making the internet stronger and more secure," added researchers.