🟠High  | Source: The Register — Security
A cautionary tale from a major US telco in the early 2000s describes a new employee being handed unrestricted sudo access to a production database containing full, unencrypted customer records. The anecdote highlights systemic failures in access control, data protection, and onboarding security practices that remain alarmingly relevant today. While historical, it underscores how poor privilege management and cleartext data storage can expose millions of customers with minimal effort.
Security Architect’s Take: Audit your database access controls and onboarding processes immediately — ensure no user, new or otherwise, receives broad privileged access without role-based justification, time-limited credentials, and just-in-time provisioning. Verify that sensitive customer data is encrypted at rest, and that access is logged and alerted upon.
Original advisory: Welcome to your new telco job – here’s sudo access to a database with full customer info stored in the clear