A security researcher Mr. Eilon Harel has developed an automated scanner called “S3crets Scanner” using python which performs specific actions on public Amazon S3 (Simple Storage Service) buckets like
- Use CSPM to get a list of public buckets
- Download the relevant textual files
- List the bucket content via API queries
- Forward results to SIEM
- Scan content for secrets
- Check for exposed textual files
Amazon Simple Storage Service is a cloud storage service used by organizations to store software, services and data in containers marked as buckets.
Table of Contents
June 2022 – Amazon Web Services (AWS) Data Breach
A 36-year-old former AWS Engineer Paige Thompson was convicted in U.S. District Court in Seattle for hacking misconfigured AWS cloud server accounts of more than 30 business organizations to mine cryptocurrency.
Among those 30 entities, Capital One Bank is the prominent financial institution where she illegally accessed the personal information of about 106 million customers, 140,000 Social Security numbers and 80,000 US bank account numbers as well as birth dates, addresses, phone numbers, credit balances, transactions and credit scores.
Capital One was fined $80 million and was ordered to enhance its cloud security protocols. In addition to the fine, the bank has agreed to disburse the amount of $190 million to affected customers.
May 2022 – Amazon Web Services (AWS) Data Breach
6.5 TB of personal data have been made publicly available online due to a flaw in software developed by the Turkish airline Pegasus.
It is believed that a misconfigured “bucket” on Amazon’s cloud service AWS is what caused the data breach, which affects 23 million files and includes the personal information of the flight crew.
January 2022 – Amazon Web Services (AWS) Data Breach
A research team vpnMentor has discovered the personal information of an estimated 0.5 million young people working in sectors such as healthcare and education associated with Ghana’s National Service Secretariat (NSS) has been exposed from its misconfigured Amazon Web Services (AWS) cloud storage S3 bucket.
December 2021 – Amazon Web Services (AWS) Data Breach
FlexBooker notified its customers about the data breach on its AWS cloud storage account resulting in the exposure of the personal information of 3.7 million customers which includes email addresses, names, phone numbers and partial credit card data.
Australian security expert Troy Hunt, who owns Have I Been Pwned site stated that hacked data has been actively traded on a popular hacking forum.
August 2021 – Amazon Web Services (AWS) Data Breach
The research team led by Ata Hakcil at security products review website WizCase has discovered that more than 3 million personal data of senior citizens of Unites states have been compromised after Senior Advisor’s Amazon S3 bucket was found misconfigured.
In total, the company’s AWS cloud account contained more than 1 lakh files and 182GB of data, one of which was encrypted and did not require a password or login credentials to access. The exposed data includes usernames, emails, and phone numbers.
June 2021 – Amazon Web Services (AWS) Data Breach
Cosmolog Kozmetik Data Breach
A team of ethical cyber researchers at Wizcase found a major breach on misconfigured Amazon S3 bucket of a Turkish online retailer Cosmolog Kozmetik containing over 9500 files and almost 20GB of 567,000 customers’ data.
Though no payment information was found, they discovered customers’ full names, physical addresses and purchase details among the leaked data.
Securitas Data Breach
A cybersecurity team at SafetyDetectives discovered that a misconfigured Amazon AWS S3 bucket exposed 1 million files of security services and products firm Securitas to be publically accessible.
The 3TB of data was related to airport employees from Latin American cities of Colombia and Peru. The exposed personally identifiable information (PII) includes
- Full names, including first names with surnames
- Job role
- National ID Number
- Photos of employees
- Photos of planes
- Photos of fueling lines
- Photos of luggage being loaded/unloaded
July 2021 – Amazon Web Services (AWS) Data Breach
Ata Hakçıl and his Security Research team at WizCase discovered over 1.5 million files related to the municipalities and 1 TB of personal data of people across the United States was breached after 83 Amazon S3 buckets of the web service provider – PeopleGIS were misconfigured without password or encryption.
The leaked information from PeopleGIS cloud storage include
- Email address
- Phone number
- Drivers license number
- Real estate tax information
- Photographs of properties
- Building and city plans
With the above personal information, threat actors/hackers may pose as government officials and could conduct phishing and defrauding scams against affected citizens.
March 2021 – Amazon Web Services (AWS) Data Breach
Reviews and comparison of cybersecurity products website Comparitech have discovered unprotected personal data of 52,000 patients on COVID-19 testing service provider Premier Diagnostics’ two big Amazon S3 buckets with detailed personal information like name, age, address, photo, gender, ID numbers, and more.
February 2021 – Amazon Web Services (AWS) Data Breach
Risk management technology startup LogicGate has suffered a major data breach after an unauthorized threat actor accessed files stored on the Web Services-hosted cloud storage AWS S3 buckets of the company.
November 2020 – Amazon Web Services (AWS) Data Breach
An ethical team at Website Planet has unearthed a severe data breach at Prestige Software’s cloud storage S3 bucket.
Researchers found that misconfigured AWS server was the primary cause of the data breach which involved more than 10 million log files including Full names, email addresses, national ID numbers, phone numbers of hotel guests, Credit card details, Payment and reservation details as the company was storing Cloud Hospitality data.
July 2020 – Amazon Web Services (AWS) Data Breach
California-based Programmable Telecommunications Tool maker Twilio has confirmed that its AWS cloud bucket S3 was compromised by a group of hackers exposing data of thousands of developers and companies.
Hackers found misconfigured cloud bucket and modified the TaskRouter JavaScript SDK by injecting a malicious code that made the browser load an extra URL that had been linked to Magecart attacks.
In a disclosure, Twilio said that It had not properly configured the access policy for the path storing the TaskRouter SDK. These JavaScript SDKs are used primarily for Programmable Chat, and Programmable Video for Twilio Clients. With these misconfigured S3 buckets, anybody could read or write to that path with public access.
Security & Privacy testing services company Comparitech has discovered the personal data of more than 8 million UK shoppers on the web.
February 2020 – Amazon Web Services (AWS) Data Breach
Bob Diachenko, the research head at Comparitech found that misconfigured Amazon Web Services S3 bucket of MongoDB was breached exposing the following data to the public.
- Customer names
- Shipping addresses
- Email addresses
- Phone numbers
- Orders (items purchased)
- Payments
- Redacted credit card numbers (last four digits)
- Transaction and order IDs
- Links to invoices for Stripe and Shopify
Upon finding the data breach, Comparitech immediately took steps to identify affected companies and notify them so that they can fix the issue as soon as possible to minimize the damage.
December 2019 – Amazon Web Services (AWS) Data Breach
vpnMentor’s research team led by Noam Rotem and Ran Locar has discovered that the misconfigured AWS cloud S3 bucket owned by THSuite exposed more than 85,000 sensitive data files from multiple marijuana dispensaries across the U.S. and their customers.
THSuite is a software engineering company that offers ERP and POS systems management services to cannabis dispensary owners and operators in the US.
The leaked personal data included scanned government and employee IDs, exposing personally identifiable information (PII) for over 30,000 individuals which resulted in HIPAA violations according to U.S. laws.
July 2019 – Amazon Web Services (AWS) Data Breach
American bank holding company Capital One has confirmed that its AWS cloud storage S3 bucket was hacked after the misconfigured server was gained access by an unidentified perpetrator.
The data breach exposed the personal data of more than 100 million customers like Social Security numbers, credit scores and credit card transaction data.
May 2019 – Amazon Web Services (AWS) Data Breach
Top security researcher Anurag Sen has discovered that the personal data of millions of Instagram influencers, celebrities and brand accounts were exposed to the public due to the misconfigured AWS S3 cloud bucket of leading influencer marketing platform Chtrbox.
The leaked data records included information that determined each account’s value based on its amount of followers, engagement, reach, likes, and shares.
Chtrbox denied the figure and asserted that just 350,000 influencers were impacted.
February 2018 – Amazon Web Services (AWS) Data Breach
Security Research firm Kromtech discovered that personal data belonging to more than 119,000 citizens from around the world, including passports, driving licenses and security identification was exposed on an unsecured Amazon S3 server. The data was the property of Bongo International which FedEx acquired in 2014. The company then immediately locked down the Amazon server.
December 2017 – Amazon Web Services (AWS) Data Breach
Security professional Chris Vickery has discovered that the personal information of more than 120 million US households was exposed on the web after a misconfiguration of Amazon Web Services (AWS) S3 Bucket owned by data analytics firm Alteryx.
36GB of personal data with 48 categories, including specific information such as mortgage and consumer demographics in addition to addresses and contact details was exposed to the public without any password protection or firewall.
June 2017 – Amazon Web Services (AWS) Data Breach
The largest ever data leak of voter information to date in the United States was discovered by UpGuard cyber risk analyst Chris Vickery, who found that databases containing 198 million records on American voters were found on misconfigured AWS S3 cloud bucket owned by a data analytics firm Deep Root Analytics.
The analytics firm was hired by Republican National Committee to analyze the voting pattern of the voters and help their contesting candidates make data-based decisions about their campaigns.
Along with “profiling” information, voter ethnicities and religions and numerous other types of data relevant to a voter’s political beliefs and preferences are also included in the leaked data.
