MyEasyDocs is a Chennai, India based online documents verification platform whose Microsoft Azure server exposed data of over 57,000 students.
The team of IT security researchers at vpnMentor led by Noam Rotem identified a misconfigured Microsoft Azure server that exposed the personal and educational records of tens of thousands of students from India and Israel.
The exposed server belonged to Myeasydocs, an online data verification platform based in Chennai, India. Myeasydocs specialises in verifying documents related to banking, colleges, universities, goverment institutians and law enforcement agencies.
To verify, users are required to submit their records via Myeasydocs’ software which are then uploaded to the company’s cloud server. In this case, it was a Microsoft Azure server left exposed without any security authentication.
This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to the exposed data which contained 30.5GB worth of files belonging to 57,400 Israeli and Indian students.
The breach we discovered was connected to an Israeli URL owned by a company that appeared to facilitate Indian students submitting documents to educational institutes in Israel and India.
vpnMentor – Blog post
Upon analysing the trove of data, researchers