{"id":1001,"date":"2020-01-28T10:16:57","date_gmt":"2020-01-28T09:16:57","guid":{"rendered":"https:\/\/sast-blog.akquinet.com\/?p=1001"},"modified":"2020-07-24T12:10:06","modified_gmt":"2020-07-24T10:10:06","slug":"the-buchbinder-case-how-incorrect-configurations-impact-data-security","status":"publish","type":"post","link":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/","title":{"rendered":"The Buchbinder case: how incorrect configurations impact data security"},"content":{"rendered":"

\"DataOn January 23, 2020, news broke on one of the biggest data leaks to date in Germany. Apparently, it was possible for anyone on the Internet to gain full access to the backup of the entire database of car rental company Buchbinder. The ramifications are difficult grasp.<\/p>\n

<\/p>\n

Not even a password stood in the way of viewing invoices, contracts and customer data. It didn\u2019t end there, either: Information about accident reports, bank details and access data to Buchbinder was freely available.<\/p>\n

While Buchbinder itself does stand to suffer the greatest damage to its reputation and despite publishing a statement that the leak had already been patched on January 20th<\/sup>, customer data including names, birthdates, telephone numbers and driver’s license numbers belonging to over three million people, from private individuals to public figures, is now in circulation. The total number of records involved is simply immense. This is because the contract data stretches back to 2003 and includes people who never signed a Buchbinder rental contract. It is not yet possible to put a number on the damage caused by this data leak.<\/p>\n

Strengthening IT and data security by auditing configurations<\/strong><\/h2>\n

The leak was made possible by a careless configuration mistake by a service provider: The TCP port 445 was accessible from anywhere in the world and entirely unprotected. We firmly believe that everyone with IT responsibilities has a duty to learn from what happened here. Existing measures in place for protecting company data should be audited on a regular basis.<\/p>\n

At akquinet AG, SAST SUITE offers a solution for auditing the security configurations for your SAP systems. Regular, automatic audit runs help you protect your company data while maintaining the necessary level of transparency to effectively prevent unauthorized direct data outflows from your SAP systems.<\/p>\n

Would you like to learn more about data security in SAP landscapes? Feel free to visit our SAST SOLUTIONS website<\/a> or just get in touch: sast@akquinet.de<\/a><\/p>\n

\"Jan-Uwe
\nJan-Uwe Fink (SAP Security Consultant, SAST SOLUTIONS)<\/strong><\/p>\n

 <\/p>\n

Further articles on SAP Security & Compliance:<\/h2>\n

The Most Important Elements of a Cybersecurity Strategy<\/a><\/p>\n

SAP Security: Five Ways to Make Sure You\u2019ll Be Hacked<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

On January 23, 2020, news broke on one of the biggest data leaks to date in Germany. Apparently, it was possible for anyone on the Internet to gain full access to the backup of the entire database of car rental company Buchbinder. The ramifications are difficult grasp.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[25,156,58,80,114],"class_list":["post-1001","post","type-post","status-publish","format-standard","hentry","category-sap-threat-detection","tag-cyber-attack","tag-cyber-security","tag-real-time-monitoring","tag-sap-security","tag-threat-detection"],"yoast_head":"\nThe Buchbinder case: Data security endangered by misconfiguration<\/title>\n<meta name=\"description\" content=\"Data security: Anyone who fails to make timely efforts to protect IT systems against unauthorized access risks not only a loss of data but also of image.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Buchbinder case: how incorrect configurations impact data security\" \/>\n<meta property=\"og:description\" content=\"Data security: Anyone who fails to make timely efforts to protect IT systems against unauthorized access risks not only a loss of data but also of image.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/\" \/>\n<meta property=\"og:site_name\" content=\"SAST BLOG\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-28T09:16:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-07-24T10:10:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2018\/03\/sast-blog_sapsecuritynotes.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"333\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"securityblog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"The Buchbinder case: how incorrect configurations impact data security\" \/>\n<meta name=\"twitter:description\" content=\"Data security: Anyone who fails to make timely efforts to protect IT systems against unauthorized access risks not only a loss of data but also of image.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2018\/03\/sast-blog_sapsecuritynotes.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"securityblog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/\"},\"author\":{\"name\":\"securityblog\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/person\\\/cd70e3749cca136a7e8a37dc1d3cfc26\"},\"headline\":\"The Buchbinder case: how incorrect configurations impact data security\",\"datePublished\":\"2020-01-28T09:16:57+00:00\",\"dateModified\":\"2020-07-24T10:10:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/\"},\"wordCount\":364,\"publisher\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2018\\\/03\\\/sast-blog_sapsecuritynotes-300x200.jpg\",\"keywords\":[\"Cyber Attack\",\"Cyber Security\",\"Real-time monitoring\",\"SAP Security\",\"Threat Detection\"],\"articleSection\":[\"SAP Threat Detection\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/\",\"name\":\"The Buchbinder case: Data security endangered by misconfiguration\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2018\\\/03\\\/sast-blog_sapsecuritynotes-300x200.jpg\",\"datePublished\":\"2020-01-28T09:16:57+00:00\",\"dateModified\":\"2020-07-24T10:10:06+00:00\",\"description\":\"Data security: Anyone who fails to make timely efforts to protect IT systems against unauthorized access risks not only a loss of data but also of image.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2018\\\/03\\\/sast-blog_sapsecuritynotes-300x200.jpg\",\"contentUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2018\\\/03\\\/sast-blog_sapsecuritynotes-300x200.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2020\\\/01\\\/28\\\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Buchbinder case: how incorrect configurations impact data security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#website\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\",\"name\":\"SAST BLOG\",\"description\":\"SAP Security & Compliance\",\"publisher\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\",\"name\":\"SAST BLOG\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/sast-solutions-logo.png\",\"contentUrl\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/sast-solutions-logo.png\",\"width\":358,\"height\":155,\"caption\":\"SAST BLOG\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/person\\\/cd70e3749cca136a7e8a37dc1d3cfc26\",\"name\":\"securityblog\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Buchbinder case: Data security endangered by misconfiguration","description":"Data security: Anyone who fails to make timely efforts to protect IT systems against unauthorized access risks not only a loss of data but also of image.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/","og_locale":"en_US","og_type":"article","og_title":"The Buchbinder case: how incorrect configurations impact data security","og_description":"Data security: Anyone who fails to make timely efforts to protect IT systems against unauthorized access risks not only a loss of data but also of image.","og_url":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/","og_site_name":"SAST BLOG","article_published_time":"2020-01-28T09:16:57+00:00","article_modified_time":"2020-07-24T10:10:06+00:00","og_image":[{"width":500,"height":333,"url":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2018\/03\/sast-blog_sapsecuritynotes.jpg","type":"image\/jpeg"}],"author":"securityblog","twitter_card":"summary_large_image","twitter_title":"The Buchbinder case: how incorrect configurations impact data security","twitter_description":"Data security: Anyone who fails to make timely efforts to protect IT systems against unauthorized access risks not only a loss of data but also of image.","twitter_image":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2018\/03\/sast-blog_sapsecuritynotes.jpg","twitter_misc":{"Written by":"securityblog","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/#article","isPartOf":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/"},"author":{"name":"securityblog","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/person\/cd70e3749cca136a7e8a37dc1d3cfc26"},"headline":"The Buchbinder case: how incorrect configurations impact data security","datePublished":"2020-01-28T09:16:57+00:00","dateModified":"2020-07-24T10:10:06+00:00","mainEntityOfPage":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/"},"wordCount":364,"publisher":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#organization"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/#primaryimage"},"thumbnailUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2018\/03\/sast-blog_sapsecuritynotes-300x200.jpg","keywords":["Cyber Attack","Cyber Security","Real-time monitoring","SAP Security","Threat Detection"],"articleSection":["SAP Threat Detection"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/","url":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/","name":"The Buchbinder case: Data security endangered by misconfiguration","isPartOf":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/#primaryimage"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/#primaryimage"},"thumbnailUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2018\/03\/sast-blog_sapsecuritynotes-300x200.jpg","datePublished":"2020-01-28T09:16:57+00:00","dateModified":"2020-07-24T10:10:06+00:00","description":"Data security: Anyone who fails to make timely efforts to protect IT systems against unauthorized access risks not only a loss of data but also of image.","breadcrumb":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/#primaryimage","url":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2018\/03\/sast-blog_sapsecuritynotes-300x200.jpg","contentUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2018\/03\/sast-blog_sapsecuritynotes-300x200.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/sast-solutions.com\/blog-en\/2020\/01\/28\/the-buchbinder-case-how-incorrect-configurations-impact-data-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sast-solutions.com\/blog-en\/"},{"@type":"ListItem","position":2,"name":"The Buchbinder case: how incorrect configurations impact data security"}]},{"@type":"WebSite","@id":"https:\/\/sast-solutions.com\/blog-en\/#website","url":"https:\/\/sast-solutions.com\/blog-en\/","name":"SAST BLOG","description":"SAP Security & Compliance","publisher":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sast-solutions.com\/blog-en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sast-solutions.com\/blog-en\/#organization","name":"SAST BLOG","url":"https:\/\/sast-solutions.com\/blog-en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/logo\/image\/","url":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2021\/03\/sast-solutions-logo.png","contentUrl":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2021\/03\/sast-solutions-logo.png","width":358,"height":155,"caption":"SAST BLOG"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/person\/cd70e3749cca136a7e8a37dc1d3cfc26","name":"securityblog"}]}},"_links":{"self":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/1001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/comments?post=1001"}],"version-history":[{"count":4,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/1001\/revisions"}],"predecessor-version":[{"id":1304,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/1001\/revisions\/1304"}],"wp:attachment":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/media?parent=1001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/categories?post=1001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/tags?post=1001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}