This company made a significant Google Drive security error that could put a million users at risk

Image of someone clicking a cloud icon.
Image Credit: Shutterstock (Image credit: Shutterstock)

Japanese game developer Ateam has admitted that a simple misconfiguration of its Google Drive cloud storage service had been putting the personal information of users at risk for more than half a decade.

“On November 21, 2023, we discovered that personal information in files located on the cloud service Google Drive used by our group could possibly be viewed… [by] anyone who knew the exact URL link to access the files," the company said in a statement.

Files created, stored, and shared between March 2017 and November 22, 2023 – a period of over six-and-a-half years – have now been secured, says the company.

Google Drive files shared inadvertently

Ateam says that a report “checking the accuracy of a security product being considered for implementation detected files that were at risk” highlighted the misconfiguration.

Data of nearly a million individuals had been caught up in the misconfiguration, including 925,728 customers, 6,909 business partners, 264 employment candidates, plus several thousand employees. Ateam, Ateam LifeDesign, Ateam Entertainment, Ateam Wellness, and Ateam CommerceTech were all affected.

An employee with access to the company’s Google Drive publicly sharing a link (inadvertently or maliciously) could have been catastrophic for Ateam, with search engines picking it up and indexing it. Threat actors (and genuine cybersecurity workers) often come across publicly exposed data this way.

The company started contacting affected parties on December 20 to notify them that their data had been exposed to those with access to the precise URL, however Ateam also acknowledged that it has no evidence of any unauthorized access or damages.

Although user data looks to be completely safe, the near miss has pushed Ateam into action. It has promised to strengthen monitoring through security tools, review file sharing settings and permissions, and increase the awareness of officers and employees about the handling of personal information.

More from TechRadar Pro

TOPICS
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!