Imperva Details Response to Customer Database Exposure

This is an easy mistake to make. Developers often copy the ‘real’ database, and the copies don’t always have the same security controls as production systems. Take a look at your own developers (especially 3rd parties), check what they’re doing, and establish some controls to scan for sensitive data that’s exposed to the internet…:

[…] I’ll start by going back to 2017 when our Cloud WAF, previously known as Incapsula, was under significant load from onboarding new customers and meeting their critical demands. That year, our product development team began the process of adopting cloud technologies and migrated to AWS Relational Database Service (RDS) to scale our user database.

Some key decisions made during the AWS evaluation process, taken together, allowed information to be exfiltrated from a database snapshot. These were: (1) we created a database snapshot for testing; (2) an internal compute instance that we created was accessible from the outside world and it contained an AWS API key; (3) this compute instance was compromised and the AWS API key was stolen; and (4) the AWS API key was used to access the snapshot.

[…]

Original article here
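As one form the recommended control could take, the sketch below is an added example (not Imperva's code or tooling) that flags the combination described in the quoted post: an internet-reachable compute instance holding an AWS key that can reach database snapshots. It assumes inventory records shaped like EC2 DescribeInstances and DescribeSecurityGroups output, plus a hypothetical `KEY_POLICIES` mapping from a secrets scan; all sample values are constructed.

```python
import fnmatch
import ipaddress

# IAM actions that let a caller get data out of an RDS snapshot.
SNAPSHOT_ACTIONS = ("rds:CopyDBSnapshot", "rds:ModifyDBSnapshotAttribute",
                    "rds:RestoreDBInstanceFromDBSnapshot")

def open_to_internet(group):
    """True if an EC2 security group has an ingress rule open to every address."""
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
            return True
    return False

def snapshot_actions(policy):
    """Snapshot actions granted by Allow statements (Deny/Condition not evaluated)."""
    def as_list(v):  # IAM accepts a single object or string where a list is allowed
        return v if isinstance(v, list) else [v]
    granted = set()
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") == "Allow":
            for pattern in as_list(st.get("Action", [])):
                granted.update(a for a in SNAPSHOT_ACTIONS
                               if fnmatch.fnmatchcase(a.lower(), pattern.lower()))
    return sorted(granted)

def audit(instances, groups, key_policies):
    """Return (instance id, actions) for exposed hosts whose keys reach snapshots."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for inst in instances:
        exposed = "PublicIpAddress" in inst and any(
            open_to_internet(by_id[sg["GroupId"]]) for sg in inst["SecurityGroups"])
        actions = sorted({a for p in key_policies.get(inst["InstanceId"], [])
                          for a in snapshot_actions(p)})
        if exposed and actions:
            findings.append((inst["InstanceId"], actions))
    return findings

# Constructed sample inventory (not data from the incident).
GROUPS = [{"GroupId": "sg-open", "IpPermissions": [{"IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
          {"GroupId": "sg-vpn", "IpPermissions": [{"IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}]
INSTANCES = [{"InstanceId": "i-test", "PublicIpAddress": "203.0.113.10",
              "SecurityGroups": [{"GroupId": "sg-open"}]},
             {"InstanceId": "i-internal", "SecurityGroups": [{"GroupId": "sg-vpn"}]}]
KEY_POLICIES = {  # hypothetical secrets-scan result: host -> policies of keys found on it
    "i-test": [{"Statement": [{"Effect": "Allow", "Action": "rds:*", "Resource": "*"}]}],
    "i-internal": [{"Statement": {"Effect": "Allow", "Action": ["rds:CopyDBSnapshot"]}}]}
```

`audit(INSTANCES, GROUPS, KEY_POLICIES)` reports only `i-test`; `i-internal` holds a snapshot-capable key but is not reachable from the internet, so it is not flagged by this particular check.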