Confusing cloud settings cause personal data leak for Japan users
16:25 JST, May 3, 2021
Platform interface issues in a cloud system provided by a U.S. contractor exposed the personal information stored by dozens of municipalities and companies in Japan to unauthorized viewers, after users mistakenly configured the system’s settings to allow public access to their content.
Local governments and corporate users maintain that they chose the wrong settings due to the overly complicated nature of the system.
Warning that there may be even more companies who have similarly misconfigured their settings with the service, the National center of Incident readiness and Strategy for Cybersecurity (NISC) has asked the U.S. provider to remedy the situation.
Domestic giant affected
The service was provided by U.S.-based IT company Salesforce.com, Inc., whose Japanese subsidiary, Salesforce.com Co., is one of the leading names in cloud storage in Japan.
According to the Internal Affairs and Communications Ministry and the Personal Information Protection Commission, the data of 20 local governments, including the Funabashi and Ibaraki city governments, and 18 companies, including Rakuten Group Inc. and SMBC Nikko Securities Inc., was left accessible to unintended eyes. In all cases, the municipalities and companies had mistakenly set their privacy settings to allow public viewing.
The data of seven cities, including Kobe and Higashi-Murayama, and five companies, including Rakuten and SoftBank Group Corp.’s cashless payment service provider PayPay Corp., were found to have been accessed by outside parties, although it remains unknown whether the personal information was abused after being viewed.
The breaches came to light after PayPay announced in December that the names and contact information of its member store owners had been compromised. Later that month, Rakuten similarly announced that over 1.48 million sets of names and contact information, including those who had requested information on setting up an online shop with the cybermall had been exposed, and confirmed that it had found evidence that at least some of the datasets had been viewed by third-parties.
600-page instructions
Although Salesforce and other cloud computing service providers handle all of the back-end architecture for clients, it is up to the users to configure their privacy settings and access authorizations on the front end.
“It’s not that our company has flaws in our products, but that our clients misconfigured their access authorizations,” said a Salesforce spokesperson.
But the companies and local government offices that contract with Salesforce contend that their service is far from user-friendly.
“Just to identify where the problem was with our settings, we would have to read over 600 pages of instructions,” said an employee at an affected financial institution. “The company needs to provide more support.”
In January, Rakuten issued a statement, saying: “We have continued to ask the system provider for detailed information on specification changes and reconfigurations.”
"Business" POPULAR ARTICLE
-
Japanese Companies Increasing Efforts to Hire Foreign Students; Firms, Local Governments Help Them Acquire Skills to Find Jobs in Japan
-
Japan’s Casio to Launch Durable Clothing Range Inspired by G-Shock Brand; Company to Debut Durable T-Shirt in Late August
-
Insufficient Rice Supply Hits Japan; Sever Heat, Rising Demand from Inbound Tourist Among Factors
-
Japan’s Newly Harvested Rice Arrives on Store Shelves; Prices Soar 30%-50% Following Shortage
-
Sony to Open New Brand Complex Building in Tokyo’s Ginza Next Year; ‘Ginza Sony Park’ to Serve as Brand Hub for Entertainment Businesses
JN ACCESS RANKING
- Philippines Steps Up Defense of Northernmost Province with Eye on Possible Contingency Involving Taiwan
- Typhoon Shanshan Forms, Slowly Moves Toward Japan; Govt Says Typhoon No. 10 Likely to Approach Japan Next Week
- Tokyo Companies Prepare for Ashfall From Mt. Fuji Eruption; Disposal Of Ash, Possibly at Sea, A Major Challenge
- Shizuoka Pref. City Offers Foreigners Free Japanese Language Classes; Aims to Raise Non-Natives to Daily Conversation Level
- Typhoon No. 10 Forecast to Develop; Move into Pacific Ocean South of Japan on Aug. 26