
Here we go, yet another 10 million people have been taken … from pray.com had no comment from blog The Technology blog and podcast




Here we go, yet another 10 million people have been taken … from pray.com had no comment

I guess we shouldn’t be surprised that 10 million people got breached this time; what is surprising is the complexity of who got breached.

This breach came from both misconfigured AWS buckets and buckets that were configured as private, but it goes beyond that.

Several open databases totaling 262 GB of data are only the beginning of this article.

The article in part says:

80,000 files contained various personal identifiable information (PII) for tens of millions of people – and not just from Pray.com users.

There’s much more than this, and it isn’t looking good.

Cloud Complexity

Interestingly, a little over 80,000 files were made private, only accessible to people with the right security permissions. However, these files were being exposed through a second Amazon service, vpnMentor found, demonstrating the complexity that cloud configurations can entail.

“Through further investigation, we learned that Pray.com had protected some files, setting them as private on the buckets to limit access,” they explained. “However, at the same time, Pray.com had integrated its S3 buckets with another AWS service, the AWS CloudFront content delivery network (CDN). Cloudfront allows app developers to cache content on proxy servers hosted by AWS around the world – and closer to an app’s users – rather than load those files from the app’s servers. As a result, any files on the S3 buckets could be indirectly viewed and accessed through the CDN, regardless of their individual security settings.”

They added, “Pray.com’s developers accidentally created a backdoor that gave complete access to all the files they had tried to protect.”

They accidentally did this? This is a big accident. To read all the details, see the article Good Heavens! 10M Impacted in Pray.com Data Exposure, and if you are affected by this, the security box or tech box want to talk to you about your use of this application.
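
A defender's check for the situation the quoted passage describes, added here as an example (not code from vpnMentor, the article or Pray.com): it reports objects meant to be private that an anonymous viewer can still fetch through a CloudFront distribution. It assumes the CDN reads the bucket through a bucket-policy grant to a CloudFront identity, which the article does not spell out; the bucket name, identity ID, object key and both configs are constructed.

```python
from fnmatch import fnmatchcase

BUCKET = "example-app-media"  # constructed name, not from the article
OAI = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEID"

def _lst(v):
    return v if isinstance(v, list) else [v]

def cdn_readable_keys(policy, bucket):
    """Key patterns a CloudFront principal may s3:GetObject (Deny/Condition ignored)."""
    arn, keys = f"arn:aws:s3:::{bucket}/", []
    for st in policy.get("Statement", []):
        pr = st.get("Principal", {})
        who = _lst(pr.get("AWS", [])) + _lst(pr.get("Service", [])) if isinstance(pr, dict) else []
        cdn = any("CloudFront Origin Access Identity" in w or w == "cloudfront.amazonaws.com" for w in who)
        reads = any(a in ("s3:GetObject", "s3:*", "*") for a in _lst(st.get("Action", [])))
        if st.get("Effect") == "Allow" and cdn and reads:
            keys += [r[len(arn):] for r in _lst(st.get("Resource", [])) if r.startswith(arn)]
    return keys

def behavior_for(dist, key):
    """CloudFront applies the first cache behavior whose PathPattern matches, else the default."""
    for b in dist.get("CacheBehaviors", {}).get("Items", []):
        if fnmatchcase(key, b["PathPattern"].lstrip("/")):
            return b
    return dist["DefaultCacheBehavior"]

def exposed(policy, dist, bucket, private_keys):
    """Keys meant to be private that an anonymous viewer can still fetch through the CDN."""
    origins = {o["Id"] for o in dist["Origins"]["Items"] if o["DomainName"].startswith(bucket + ".s3")}
    patterns = cdn_readable_keys(policy, bucket)
    found = []
    for key in private_keys:
        b = behavior_for(dist, key)
        signed = b.get("TrustedSigners", {}).get("Enabled") or b.get("TrustedKeyGroups", {}).get("Enabled")
        if b["TargetOriginId"] in origins and not signed and any(fnmatchcase(key, p) for p in patterns):
            found.append(key)
    return found

def policy(resource):  # constructed bucket policy granting the CDN identity read access
    return {"Statement": [{"Effect": "Allow", "Principal": {"AWS": OAI},
                           "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/{resource}"}]}

DIST = {"Origins": {"Items": [{"Id": "media", "DomainName": f"{BUCKET}.s3.amazonaws.com"}]},
        "DefaultCacheBehavior": {"TargetOriginId": "media", "TrustedKeyGroups": {"Enabled": False}}}
PRIVATE = ["private/users/export.csv"]  # an object whose ACL is private

WEAK = exposed(policy("*"), DIST, BUCKET, PRIVATE)          # CDN may read the whole bucket
FIXED = exposed(policy("public/*"), DIST, BUCKET, PRIVATE)  # CDN scoped to a public prefix
print(WEAK, FIXED)
```

For a live review, the inputs are the policy returned by `aws s3api get-bucket-policy` and the `DistributionConfig` object from `aws cloudfront get-distribution-config`.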


About the article

Here we go, yet another 10 million people have been taken … from pray.com had no comment was released on November 22, 2020 at 5:45 pm by tech in article commentary.
Last modified: November 22, 2020.

