Request for Investigation: Unauthorized Data Export

Data Service
1

Hello we received the following email:

Backendless finished exporting your data successfully for application: brilliant_grades.
You can download the exported file ms_student_dir.csv from the Files section in the Backendless Console.

However, this has raised a major concern:

  1. Only the owner of the account has the rights to export data.
  2. The owner has confirmed that he did not initiate this export.
  3. No one else in our organization has export permissions, aside from Backendless employees.

To ensure security, we have already changed the owner’s password.

We’re now trying to understand what happened and would appreciate any guidance or assistance with the following:

  • Can the logs be checked to identify who requested this export?
  • Were there any unusual or suspicious activities related to this action?

Thank you in advance for your help.

Nicolas

2

Hi Nicolas,

The export was done by one of our engineers working on an issue that shows in the logs for your app. The issue is mitigated in the code, but the fact that it occurs is not good. If you’re curious, the logs show the following (the issue started appearing in September of 2024):

Oct 02 05:47:38 bl-server-0 play us-cloud-prox 10.110.4.73 [ERROR] (com.backendless.util.ErrorHandlerHelper):	Unhandled exception in app brilliant_grades (appId=[4A47197B-AE30-FA84-FF56-0071F4010900]); unhandledErrorId=[bl-server:43ADCBD9-7D48-40EA-9082-E08FD12CD458]java.util.concurrent.CompletionException: akka.http.scaladsl.model.EntityStreamException: Entity stream truncation. The HTTP parser was receiving an entity when the underlying connection was closed unexpectedly.
Oct 02 05:47:38 bl-server-0 play 	at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:332)
Oct 02 05:47:38 bl-server-0 play 	at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:347)
Oct 02 05:47:38 bl-server-0 play 	at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:636)
Oct 02 05:47:38 bl-server-0 play 	at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
Oct 02 05:47:38 bl-server-0 play 	at java.base/java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2162)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.FutureConvertersImpl$CF.apply(FutureConvertersImpl.scala:26)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.FutureConvertersImpl$CF.apply(FutureConvertersImpl.scala:23)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$Transformation.run(Promise.scala:484)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.ExecutionContext$parasitic$.execute(ExecutionContext.scala:222)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$Transformation.submitWithValue(Promise.scala:429)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$DefaultPromise.submitWithValue(Promise.scala:338)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$DefaultPromise.tryComplete0(Promise.scala:285)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$Transformation.run(Promise.scala:504)
Oct 02 05:47:38 bl-server-0 play 	at play.api.libs.streams.Execution$trampoline$.execute(Execution.scala:65)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$Transformation.submitWithValue(Promise.scala:429)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$DefaultPromise.submitWithValue(Promise.scala:338)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$DefaultPromise.tryComplete0(Promise.scala:285)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$DefaultPromise.tryComplete(Promise.scala:278)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.Promise.complete(Promise.scala:57)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.Promise.complete$(Promise.scala:56)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$DefaultPromise.complete(Promise.scala:104)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.Promise.failure(Promise.scala:109)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.Promise.failure$(Promise.scala:109)
Oct 02 05:47:38 bl-server-0 play 	at scala.concurrent.impl.Promise$DefaultPromise.failure(Promise.scala:104)
Oct 02 05:47:38 bl-server-0 play 	at play.api.mvc.BodyParsers$TakeUpTo$$anon$1$$anon$3.onUpstreamFailure(BodyParsers.scala:1192)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.GraphInterpreter.processEvent(GraphInterpreter.scala:525)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.GraphInterpreter.execute(GraphInterpreter.scala:390)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.GraphInterpreterShell.runBatch(ActorGraphInterpreter.scala:650)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.ActorGraphInterpreter$SimpleBoundaryEvent.execute(ActorGraphInterpreter.scala:61)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.ActorGraphInterpreter$SimpleBoundaryEvent.execute$(ActorGraphInterpreter.scala:57)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.ActorGraphInterpreter$BatchingActorInputBoundary$OnError.execute(ActorGraphInterpreter.scala:82)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.GraphInterpreterShell.processEvent(ActorGraphInterpreter.scala:625)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.ActorGraphInterpreter.akka$stream$impl$fusing$ActorGraphInterpreter$$processEvent(ActorGraphInterpreter.scala:800)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.ActorGraphInterpreter$$anonfun$receive$1.applyOrElse(ActorGraphInterpreter.scala:818)
Oct 02 05:47:38 bl-server-0 play 	at akka.actor.Actor.aroundReceive(Actor.scala:537)
Oct 02 05:47:38 bl-server-0 play 	at akka.actor.Actor.aroundReceive$(Actor.scala:535)
Oct 02 05:47:38 bl-server-0 play 	at akka.stream.impl.fusing.ActorGraphInterpreter.aroundReceive(ActorGraphInterpreter.scala:716)
Oct 02 05:47:38 bl-server-0 play 	at akka.actor.ActorCell.receiveMessage(ActorCell.scala:579)
Oct 02 05:47:38 bl-server-0 play 	at akka.actor.ActorCell.invoke(ActorCell.scala:547)
Oct 02 05:47:38 bl-server-0 play 	at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:270)
Oct 02 05:47:38 bl-server-0 play 	at akka.dispatch.Mailbox.run(Mailbox.scala:231)
Oct 02 05:47:38 bl-server-0 play 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Oct 02 05:47:38 bl-server-0 play 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Oct 02 05:47:38 bl-server-0 play 	at java.base/java.lang.Thread.run(Thread.java:840)

Regarding the permissions, in addition to the owner and Backendless support employees, you also have the export permission:

App Settings - brilliant_grades - Backendless 2025-01-06 10-49-16
App Settings - brilliant_grades - Backendless 2025-01-06 10-49-161408×982 67.1 KB

Regards,
Mark

3

Thank you for the quick reply Mark.