In 2018, Bob Gilbert of Netskope.com wrote an article entitled “There’s a place that is scarier than the Dark Web,” and coined the term “bright web.” Specifically, in their terms, “bright web” refers to “…places on the public internet where you can easily upload and share sensitive data – in many cases anonymously without requiring you to create an account tied to a credit card.”
Shocking as this may sound, it’s absolutely true, and it isn’t even difficult to find most of this information. There are a number of forums and databases where you can find things like social security numbers, birthdays, credit card numbers, addresses, etc., such as ssn24.me, and numerous others.
In the Netskope article, as a representation, they created a fake person named Frank Altos, along with fictitious personal details that could be shared and leaked onto various parts of the web. For the purposes of this article, let’s create a new fake person:
Name: Derek D. Calvo
Address: 4365 Melrose Street, Bickleton, WA, 99322
Phone Number: 509-896-2414
Mobile Phone Number: 509-480-4331
Credit Card: Visa – Number: 4929758194303718 – CVV: 562 – Expiration Date: 07/2023
In the article, researchers then looked for places to upload their fake information; most of these were cloud services like Dropbox, OneDrive, Box, Citrix, and WeTransfer. Such services may make it easy to upload and transfer data, but they also make it simple for attackers to access it, particularly if someone accidentally makes the information public. Add to that IoT search engines and monitoring services like Shodan and IVRE, and there are countless ways that data about a person or an organization can be leaked.
Using the fictitious person profile for Derek D. Calvo, you can, for instance, upload his information to any of these cloud services, and if left open to the public or protected only by a weak password, it would be simple for Calvo’s information to end up in the hands of someone with malicious intent.
Netskope also makes the point that similar data leaks happen via presentation-sharing services like SlideShare and Prezi. As on the cloud services, if a presentation is shared publicly, then anyone can find that information using a Google search, etc. While some of the search results are innocuous, many also contain personal information. As with the cloud service example, you could easily make a SlideShare account and post Calvo’s data on a slideshow as well.
Being aware of these potential risks, then, is the first step. Just as Shodan and other such services can expose security leaks, knowing that cloud services and virtual presentation software can pose risks for people’s data should motivate people to take precautions before using them. If a presentation isn’t meant for public viewing, then make it private. If sensitive information is present in a file, make sure to at least use a reasonably strong password and a cloud service that has strong encryption, if you need to use one at all.
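One way to act on that advice is to scan a file for card and phone numbers before it goes to a cloud or presentation-sharing service. The following is an added example, not code from the Netskope article or from this page's author; the function names are hypothetical, and the sample text is constructed from the fictitious Derek D. Calvo profile above plus one constructed decoy line.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# US-style phone numbers such as 509-896-2414 or (509) 896-2414.
PHONE_RE = re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(value: str) -> str:
    """Keep only the last four digits so the report itself leaks nothing."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]

def find_sensitive(text: str) -> list:
    """Return (line number, kind, masked value) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            if luhn_valid(re.sub(r"\D", "", m.group())):
                findings.append((lineno, "card", mask(m.group())))
        for m in PHONE_RE.finditer(line):
            findings.append((lineno, "phone", mask(m.group())))
    return findings

# Constructed sample: the article's fictitious profile plus a decoy
# 16-digit order reference that fails the Luhn check.
SAMPLE = """\
Name: Derek D. Calvo
Address: 4365 Melrose Street, Bickleton, WA, 99322
Phone Number: 509-896-2414
Mobile Phone Number: 509-480-4331
Credit Card: Visa - Number: 4929758194303718 - CVV: 562
Order reference: 1234567890123456
"""

if __name__ == "__main__":
    for lineno, kind, masked in find_sensitive(SAMPLE):
        print(f"line {lineno}: {kind} {masked}")
```

A non-empty result is a reason to keep the file private or strip the fields before uploading; the check covers only card and phone patterns, not CVVs, addresses or other identifiers.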
There’s no need to be using passwords like “12345” anymore with the myriad of password managers and generators that exist today, so people may as well start using them! With regard to things like virtual meetings and such, Zoom isn’t the only option, either. Do more research and see what options are available to prevent having unwanted information show up in search engine results.