
How to Prevent Data Leaks if Hackers Get Access to your Database?

Every week we hear about the latest website to get hacked, and hackers getting access to another database with consumers’ personal data inside.

Just in the last week there have been numerous reports of hacking, including stealing the medical records of 290,000 patients of the “Mor Medical Institute,” and releasing data of 1 million subscribers of a popular dating app.

All of this information was taken from databases containing private and sensitive information, which the websites stored in an insecure manner.


The hackers allegedly gained access to the IIS server (Microsoft’s Internet Information Services) by hacking the hosting company, which gave them access to all hosted websites. From there they reached the code as well as the databases and obtained all the passwords, which were stored without hashing (i.e. as clear text), so they could gain access to all information in the databases.

There is a simple solution that could have prevented this

One way to solve this, and one that has already become a de facto standard in recent years, is to use HashiCorp Vault.

Vault is a popular open source product, and there is even a free edition that is often sufficient. Building the solution does not take too long.

Using HashiCorp Vault allows you to:

  1. Keep the database’s username and password out of your code – which prevents access to the database even if someone gets access to the code.
  2. Encrypt data without the application knowing the key – i.e. when you want to encrypt information before it goes into the database, you can use Vault in such a way that the application never sees the encryption key. The information inside the database is then useless to hackers, and even if they get access to the code, they do not know the encryption key!

This would prevent access to the data itself even if hackers could reach the database, which in fact prevents the hackers from accessing the important and sensitive information they were trying to obtain.
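Both points in the list above, as an added example that is not from the original post or from HashiCorp. It assumes Vault's database secrets engine and transit engine are enabled at their default paths; the role name `webapp` and key name `customer-data` are hypothetical.

```python
import base64
import json
import os
import urllib.request

# Assumptions (not from the article): the transit engine is mounted at
# "transit/" with a key named "customer-data", and the database secrets engine
# is mounted at "database/" with a role named "webapp". Both names are hypothetical.
TRANSIT_KEY = "customer-data"
DB_ROLE = "webapp"


def http_transport(method, url, token, body=None):
    """Send one request to Vault's HTTP API and return the decoded JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


class VaultClient:
    def __init__(self, addr, token, transport=http_transport):
        self.addr, self.token, self.transport = addr.rstrip("/"), token, transport

    def _call(self, method, path, body=None):
        return self.transport(method, f"{self.addr}/v1/{path}", self.token, body)["data"]

    def db_credentials(self, role=DB_ROLE):
        """Fetch short-lived database credentials; none are kept in code or config."""
        data = self._call("GET", f"database/creds/{role}")
        return data["username"], data["password"]

    def encrypt(self, plaintext, key=TRANSIT_KEY):
        """Return ciphertext to store in the database; the key never leaves Vault."""
        b64 = base64.b64encode(plaintext.encode()).decode()
        return self._call("POST", f"transit/encrypt/{key}", {"plaintext": b64})["ciphertext"]

    def decrypt(self, ciphertext, key=TRANSIT_KEY):
        data = self._call("POST", f"transit/decrypt/{key}", {"ciphertext": ciphertext})
        return base64.b64decode(data["plaintext"]).decode()


if __name__ == "__main__":
    # The Vault token comes from the environment, never from source control.
    vault = VaultClient(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"])
    user, password = vault.db_credentials()
    print("store this column value:", vault.encrypt("patient record 123"))
```

The Vault token is now the one credential the application holds, so it should be short-lived and bound to a policy that allows only these paths.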

 

We (ALM-Toolbox) are the official representative of HashiCorp Vault in many countries including France and Israel, and we offer end-to-end solutions for Vault.
We can inspect your current system, plan a solution that fits your needs and quickly implement it.
We also provide ongoing support including managed service, SLA, Enterprise capabilities and Enterprise subscription licenses.
We also provide HashiCorp Vault training and secure development training. For more details contact us: hashicorp@almtoolbox.com or +972-722-405-222

 
