135m records maintained by cloud backup provider SOS Online Backup exposed


VPN Mentor’s research team discovered a breached database at Cloud backup provider SOS Online Backup that contained more than 135m records. While this information apparently did not fall into malevolent hands, the incident highlights cybersecurity risks posed by the use of third-party service providers.



This is yet another example of how corporate networks of companies large and small are only as secure as their weakest link. Deficient cybersecurity at third-party service providers can cause significant financial damage for clients—the companies that have outsourced parts of their critical digital infrastructure. SOS Online Backup has marketed itself as “the world’s most secure online backup” cloud service. As highlighted in Cyberhedge analysis, external vendors are increasingly targeted by hackers as breach vectors into companies, both due to the huge amount of data they can access and also because vendors are seen to be increasingly likely to pay ransoms. As cloud storage has become the norm for companies, it represents a particularly valuable area for hackers to target.

This presents important challenges for companies’ cyber governance. It is not enough for companies to audit their internal systems. External systems must be taken into account as well. And, as covered in yesterday’s Daily, the lack of “security by design” in so many products used by companies today—or in products introduced by employees for personal use—is a huge and growing structural problem that companies have to contend with when making decisions about the security of digital assets. Though the operational expertise and functions that bring business benefit to companies can be outsourced, the risk cannot be. Ultimately, if a key third party is compromised, it can increase the likelihood of a financially damaging breach event that the client, the household names of the corporate world, must own.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website