The data was exposed via rsync, a common file transfer protocol used to mirror or backup large data sets. The rsync server was not restricted by IP or user, and the data set was downloadable to any rsync client that connected to the rsync port.
He’s a rarity in the industry: a security sleuth who doesn’t hack. Instead, he searches communication ports and the internet’s hive of connected devices to find information inadvertently made public. His discoveries have included medical records, airport security files, hotel bookings, a terrorist screening database and 87 million Mexican voter registration records. Once the sensitive information has been secured, he publicly discloses that the data had been revealed.
Mr. Vickery found Level One’s data through an exposed backup server.