Confusing cloud settings cause personal data leak for Japan users
16:25 JST, May 3, 2021
Platform interface issues in a cloud system provided by a U.S. contractor exposed the personal information stored by dozens of municipalities and companies in Japan to unauthorized viewers, after users mistakenly configured the system’s settings to allow public access to their content.
Local governments and corporate users maintain that they chose the wrong settings due to the overly complicated nature of the system.
Warning that there may be even more companies who have similarly misconfigured their settings with the service, the National center of Incident readiness and Strategy for Cybersecurity (NISC) has asked the U.S. provider to remedy the situation.
Domestic giant affected
The service was provided by U.S.-based IT company Salesforce.com, Inc., whose Japanese subsidiary, Salesforce.com Co., is one of the leading names in cloud storage in Japan.
According to the Internal Affairs and Communications Ministry and the Personal Information Protection Commission, the data of 20 local governments, including the Funabashi and Ibaraki city governments, and 18 companies, including Rakuten Group Inc. and SMBC Nikko Securities Inc., was left accessible to unintended eyes. In all cases, the municipalities and companies had mistakenly set their privacy settings to allow public viewing.
The data of seven cities, including Kobe and Higashi-Murayama, and five companies, including Rakuten and SoftBank Group Corp.’s cashless payment service provider PayPay Corp., were found to have been accessed by outside parties, although it remains unknown whether the personal information was abused after being viewed.
The breaches came to light after PayPay announced in December that the names and contact information of its member store owners had been compromised. Later that month, Rakuten similarly announced that over 1.48 million sets of names and contact information, including those who had requested information on setting up an online shop with the cybermall had been exposed, and confirmed that it had found evidence that at least some of the datasets had been viewed by third-parties.
600-page instructions
Although Salesforce and other cloud computing service providers handle all of the back-end architecture for clients, it is up to the users to configure their privacy settings and access authorizations on the front end.
“It’s not that our company has flaws in our products, but that our clients misconfigured their access authorizations,” said a Salesforce spokesperson.
But the companies and local government offices that contract with Salesforce contend that their service is far from user-friendly.
“Just to identify where the problem was with our settings, we would have to read over 600 pages of instructions,” said an employee at an affected financial institution. “The company needs to provide more support.”
In January, Rakuten issued a statement, saying: “We have continued to ask the system provider for detailed information on specification changes and reconfigurations.”
"Business" POPULAR ARTICLE
-
G20 Sees Soft Landing for Global Economy; Leaders Pledge to Resist Protectionism as Trump Calls for Imported Goods Flat Tariff
-
Japanese Automakers Team Up on Software Development; Aim to Compete with U.S., China in SDV Market
-
China Struggles to Develop Passenger Jet to Rival Boeing, Airbus; Russian Cooperation Falls
-
Japan Makes Taxi, Bus Driver Jobs More Obtainable for Foreigners; Paper Exams Now Offered in 20 Languages
-
Japanese Cosmetics Firms Competing with South Korean Brands over Inexpensive Products; South Korean Brands Dominating Market Through Social Media
JN ACCESS RANKING
- Asukayama Monorail in Tokyo: Free to Ride!
- Japan Trying to Draw Digital Nomads, Who Are Seen as Beneficial to Economy, Society
- JICA Employee Suspected of Leaking Info on ODA Project in Manila; Bidding for Railway Renovation May Have Been Impacted
- G20 Sees Soft Landing for Global Economy; Leaders Pledge to Resist Protectionism as Trump Calls for Imported Goods Flat Tariff
- Japanese Automakers Team Up on Software Development; Aim to Compete with U.S., China in SDV Market