Confusing cloud settings cause personal data leak for Japan users
16:25 JST, May 3, 2021
Platform interface issues in a cloud system provided by a U.S. contractor exposed the personal information stored by dozens of municipalities and companies in Japan to unauthorized viewers, after users mistakenly configured the system’s settings to allow public access to their content.
Local governments and corporate users maintain that they chose the wrong settings due to the overly complicated nature of the system.
Warning that there may be even more companies who have similarly misconfigured their settings with the service, the National center of Incident readiness and Strategy for Cybersecurity (NISC) has asked the U.S. provider to remedy the situation.
Domestic giant affected
The service was provided by U.S.-based IT company Salesforce.com, Inc., whose Japanese subsidiary, Salesforce.com Co., is one of the leading names in cloud storage in Japan.
According to the Internal Affairs and Communications Ministry and the Personal Information Protection Commission, the data of 20 local governments, including the Funabashi and Ibaraki city governments, and 18 companies, including Rakuten Group Inc. and SMBC Nikko Securities Inc., was left accessible to unintended eyes. In all cases, the municipalities and companies had mistakenly set their privacy settings to allow public viewing.
The data of seven cities, including Kobe and Higashi-Murayama, and five companies, including Rakuten and SoftBank Group Corp.’s cashless payment service provider PayPay Corp., were found to have been accessed by outside parties, although it remains unknown whether the personal information was abused after being viewed.
The breaches came to light after PayPay announced in December that the names and contact information of its member store owners had been compromised. Later that month, Rakuten similarly announced that over 1.48 million sets of names and contact information, including those who had requested information on setting up an online shop with the cybermall had been exposed, and confirmed that it had found evidence that at least some of the datasets had been viewed by third-parties.
600-page instructions
Although Salesforce and other cloud computing service providers handle all of the back-end architecture for clients, it is up to the users to configure their privacy settings and access authorizations on the front end.
“It’s not that our company has flaws in our products, but that our clients misconfigured their access authorizations,” said a Salesforce spokesperson.
But the companies and local government offices that contract with Salesforce contend that their service is far from user-friendly.
“Just to identify where the problem was with our settings, we would have to read over 600 pages of instructions,” said an employee at an affected financial institution. “The company needs to provide more support.”
In January, Rakuten issued a statement, saying: “We have continued to ask the system provider for detailed information on specification changes and reconfigurations.”
"Business" POPULAR ARTICLE
-
Japan Business Circle Calls for China Resuming Visa-Free Travel; Keizai Doyukai Visit to Country Marks 1st in 8 Years
-
Japan’s Major Carmakers to Review Production Bases After Trump Win; Mexico Manufactured Vehicles Could be Hit by Tariffs
-
Japanese Companies Sprucing Up Employee Dorms to Attract New Workers, Keep Young Ones They Have
-
Japan’s Economy Expands Annualised 0.9% in Q3 on Tepid Capex
-
Nissan, Mitsubishi to Establish Joint Venture for Level 4 Autonomous Driving Service; EV Batteries also Within Scope
JN ACCESS RANKING
- Japan Business Circle Calls for China Resuming Visa-Free Travel; Keizai Doyukai Visit to Country Marks 1st in 8 Years
- Streaming Services Boost Anime Popularity Overseas; Former ‘Geeky’ Interest More Beloved Among Gen Z than 3 Major U.S. Sports
- Malaysia Growing in Popularity as Destination for Studying Abroad; British-style Education Available at Low Cost
- ‘Women Over 30 Would Have Uteruses Removed’; Remarks of CPJ Leader, Novelist Naoki Hyakuta Get Wide Attention
- APEC Leaders Vow to Maintain Free Trade System