The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform.
Some of the world’s largest companies have exposed reams of sensitive information from the cloud, researchers said – thanks to misconfigured Kafdrop instances.
Kafdrop is a management interface for Apache Kafka, which is an open-source, cloud-native platform for collecting, analyzing, storing and managing data streams. Kafka has several common use cases; for instance, in the finance sector it’s often used for real-time data processing in order to catch and block fraudulent transactions as they occur. It the internet of things world, it can support “just-in-time” resource allocation for smart-grid applications and the like. Other uses include tracking application activity (user clicks, registrations, time spent on certain pages or features, orders, etc.); and event logging or real-time monitoring.
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive, anonymous Threatpost Poll!
Kafka is tailored for large companies, and is in use by 60 percent of the Fortune 100, it says, including Box, Cisco, Goldman Sachs, Intuit, Target and others, plus eight of 10 of the world’s largest banks,