Fasten Data Breach (2017)

Boston-based ride-hailing hopeful Fasten has coughed to a million-customer data breach that happened because someone left a database lying around unsecured. The breach was turned up by cloud-crowd Kromtech, whose Bob Diachenko wrote late last week that the company had a misconfigured Apache Hive database exposed on the Internet. Hive is a data warehouse system built on top of Hadoop. “The server was left open for end-user access and this also let anyone with an internet connection access Fasten’s internal data”, he wrote. The exposed customer data included names, e-mails, telephone numbers, IMEI codes, trip details (pick-up and drop-off points), and links to photos. Corporate data, including a few thousand driver profiles, routes, comments about drivers, car registration, and photos of drivers’ vehicles.