
A spate of corporate data breaches in the past year, including one at document management cloud platform Lumin PDF, has many worrying whether their data is at risk in the cloud.

Data breaches are grabbing attention like never before because more and more people are using cloud platforms. Breaches can have different consequences, including destruction or corruption of databases, the leaking of confidential information, or theft of intellectual property. The severity depends on whether sensitive data such as passwords was accessed in the attack.

2019 was the biggest year on record for data breaches. Lumin PDF, a cloud editing platform, was among dozens of enterprise companies and institutions to have its cloud database compromised. So how has the company responded following the system breach, and is Lumin PDF safe? We'll review Lumin PDF to see what happened to their database last year and what steps the company has taken to protect itself from a repeat data leak in the future.

Why the breach happened

Statista says that cybercrime is on the rise. In 2014, reported breaches neared 800, exposing a total of 85.61 million records. By 2017, that number had already doubled, reaching 1,632 reported breaches. 2019 was hardly less exciting. Before the end of the year, hackers had accessed over 400 billion user records, often targeting leading corporations, among them Apple, Amazon, DNA platform MyHeritage, and two of Facebook's third-party data collection providers.  

These companies' choice of data storage platform, MongoDB, was the common thread across many of these breaches. One of the most popular NoSQL databases, MongoDB is used by a number of top companies across industries for its flexible data model, excellent query performance, and high scalability. 

What was not known about the database initially is that MongoDB was operating using outdated instances. This left its clients as exposed as alpacas on the open savannah. According to Victor Gevers, a security researcher at GDI Foundation, another reason for these incidents is old MongoDB instances deployed via cloud hosting services. "The databases with the highest risk of attack on MongoDB are hosted on AWS," says Gevers. Furthermore, MongoDB failed to provide an authentication mechanism when used in shared mode.

The results of MongoDB's negligence were catastrophic. In 2019, a notable number of companies that were running on the server became the victims of a chain of attacks by cybercriminals who copied user data for themselves and then deleted the originals. In the resulting breaches, hackers stole upwards of 800 million user records and held this data for ransom in Bitcoin. As companies rushed to hand over the demanded sums, it quickly became obvious that these criminals did not intend to return all data. Many companies that paid the ransoms were rewarded with empty databases despite meeting the hackers' demands. Some businesses that had not had sensitive data stolen were wary of falling into the same trap. They decided their resources would be better spent on preventing a similar attack in the future.

After attacks on Mongo databases, hackers successfully diversified efforts to MySQL, ElasticSearch, CouchDB, and Cassandra servers.

How Lumin PDF is securing its servers

As a response to last year's breach, Lumin PDF has redesigned its approach to user security. "We have now employed techniques like double encryption and role-based access control in order to mitigate risk to the highest degree possible," says Max Ferguson, CEO of Lumin PDF. "The first thing we did was implement a multi-layered strategy. Data stays protected underneath several strong layers of security. This has been the approach of many other targeted businesses, as well."

Since the attack, Lumin PDF has added more security measures to its original policies. 

  •  Heightened role-based access control. The risk of internal breach is significantly limited by increased requirements for authentication. Access controls have also been narrowed.
  •  Implemented Transport Layer Security. Transport Layer Security, or TLS, prevents man-in-the-middle attacks (MITM). An MITM happens when users unknowingly have their communications intercepted by a cybercriminal, who then steals or alters the data flowing between them. TLS encryption is superior to many other types of encryption because of two distinct qualities: first, it is encoded symmetrically; second, public keys are also encrypted. In the event that a hacker is able to bypass these strong layers of encryption, the system automatically sends a notification to the system administrator.
  •  Launched multi-layer encryption. Secure session tokens now protect all data. If a hacker succeeds in breaching the outer layer of security, the session tokens will prevent that individual from accessing the database. 
  •  Continuous system auditing. Security events can be written either to a syslog connection or to a file when continuous system auditing is implemented. Then, a comprehensive log aggregator can process the events, or this data can be processed by a security information and event management tool (SIEM). In the SIEM, security events are analyzed in real-time to understand if malicious activity is a threat.
  •  Increased firewall protection. All Lumin PDF databases and servers are protected with thick firewalls. 
  •  Tightened link sharing policies. Sometimes, data is accessed by third parties when users accidentally opt for public access rather than individual access in their sharing settings. To prevent this, Lumin PDF asks users to confirm their sharing settings individually for each file. 

In the cloud or on your hard drive, the hard truth is that risk is an unavoidable part of sharing information in the digital age. Assessing risk for each platform you use is an important piece of digital citizenship. Lumin PDF's beefed-up security measures show that they are not taking user security lightly -- and they're succeeding quite well.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
* This is a contributed article and this content does not necessarily represent the views of techtimes.com