Incident Details
BrowserStack, a popular cloud testing platform, suffered a data breach in November 2014 after an attacker compromised an old prototype machine using the Shellshock vulnerability. The compromised machine held AWS API access keys, which the attacker used to reach BrowserStack's customer data.
Incident
How Did the Breach Happen?
The breach occurred when an attacker found an old EC2 instance that was still vulnerable to the Shellshock exploit because it had not been patched. Using the AWS API access keys held on that machine, the attacker created a new IAM user and SSH key, launched a new EC2 instance, and accessed BrowserStack's data.
What Data Has Been Compromised?
The attacker compromised a database containing user information such as email addresses, hashed passwords, and the last tested URL. They also sent false emails to 5,000 users claiming that BrowserStack was shutting down.
Why Did the Company's Security Measures Fail?
The breach happened because BrowserStack had not applied security updates to an inactive machine. That machine still held active AWS API access keys, so it became an entry point into their cloud environment.
What Immediate Impact Did the Breach Have on the Company?
The breach caused an operational outage and damaged the company's reputation by alarming its users, who received emails declaring that BrowserStack was shutting down.
How Could This Have Been Prevented?
The breach could have been prevented by regularly patching all servers with security updates, rotating access keys to the cloud environment, terminating unnecessary cloud resources, and implementing event logging and additional checks for changes made within the AWS environment.
What Have We Learned from This Data Breach?
The BrowserStack data breach demonstrates the importance of regular updates and security patching, even for inactive machines. It also underscores the need to rotate cloud environment access keys, log events, terminate unneeded cloud resources, and make effective use of tools like AWS CloudTrail to monitor auditable events.
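As an added example (not code from the original writeup or from BrowserStack), the script below shows the two controls named above as detection logic: it flags the CloudTrail event names that make up the described chain (new IAM user, new key pair, new instance) when issued by a principal outside an expected admin set, and lists active IAM access keys older than an assumed 90-day rotation window. All records, user names, key ids and the watched-event set are constructed for this illustration.

```python
"""Flag the described control-plane steps in CloudTrail-style records and report stale keys."""
from datetime import datetime, timedelta

# Event names matching the chain in the writeup (new IAM user, new SSH key pair,
# new EC2 instance). Watch-list chosen for this example, not an AWS-defined list.
WATCHED_EVENTS = {"CreateUser", "CreateAccessKey", "CreateKeyPair",
                  "ImportKeyPair", "RunInstances"}
MAX_KEY_AGE = timedelta(days=90)  # assumed rotation policy

# Constructed CloudTrail-style records; not real BrowserStack logs.
SAMPLE_TRAIL = [
    {"eventTime": "2014-11-09T03:12:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"userName": "proto-box"}},
    {"eventTime": "2014-11-09T03:15:10Z", "eventName": "CreateUser",
     "userIdentity": {"userName": "proto-box"}},
    {"eventTime": "2014-11-09T03:16:02Z", "eventName": "ImportKeyPair",
     "userIdentity": {"userName": "proto-box"}},
    {"eventTime": "2014-11-09T03:18:40Z", "eventName": "RunInstances",
     "userIdentity": {"userName": "proto-box"}},
    {"eventTime": "2014-11-09T09:00:00Z", "eventName": "CreateUser",
     "userIdentity": {"userName": "ops-admin"}},  # expected admin, not flagged
]

# Constructed key inventory in the shape of `aws iam list-access-keys` output.
SAMPLE_KEYS = [
    {"UserName": "proto-box", "AccessKeyId": "AKIA-PLACEHOLDER-OLD",
     "CreateDate": "2013-02-01T00:00:00Z", "Status": "Active"},
    {"UserName": "ops-admin", "AccessKeyId": "AKIA-PLACEHOLDER-NEW",
     "CreateDate": "2014-10-20T00:00:00Z", "Status": "Active"},
]

def _parse(ts):
    """CloudTrail/IAM timestamps are UTC ISO-8601 with a trailing Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def flag_control_plane_events(records, expected_admins):
    """Return (eventTime, eventName, userName) for watched events by non-admins."""
    hits = []
    for rec in records:
        user = rec.get("userIdentity", {}).get("userName", "<unknown>")
        if rec.get("eventName") in WATCHED_EVENTS and user not in expected_admins:
            hits.append((rec["eventTime"], rec["eventName"], user))
    return hits

def stale_access_keys(keys, as_of):
    """Active key ids older than MAX_KEY_AGE at `as_of`: rotate or delete them."""
    now = _parse(as_of)
    return sorted(k["AccessKeyId"] for k in keys
                  if k["Status"] == "Active" and now - _parse(k["CreateDate"]) > MAX_KEY_AGE)
```

Run against the sample data, the three chain events from `proto-box` are flagged while the admin's `CreateUser` is not, and the long-lived prototype key is reported for rotation.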
Summary of Coverage
BrowserStack experienced a data breach in November 2014 due to an unpatched server vulnerable to the Shellshock exploit. An attacker used this machine to access AWS services, extract user information, and send out misleading emails. The incident highlighted the need for better security practices, including regular updates, termination of unnecessary resources, and improved monitoring of cloud services.