Exclusive A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob.
Details of the fund's register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of an Amazon Web Services S3 storage bucket.
As well as publicly exposing who its shareholders are, how many shares they hold, and the value of those holdings, the fund – which The Register is not naming after it agreed to talk in depth about its incident response process – had also saved a scanned copy of its online banking PIN to the blob. The Register viewed a subset of files from the blob to confirm their ownership and authenticity.
cayman islands investment entire filestore viewable world unsecured azure
