What do Brit biz consultants and X-rated cam stars have in common? Wide open... AWS S3 buckets on public internet

2020-01-15 23:54

A pair of misconfigured cloud-hosted file silos have left thousands of peoples' sensitive info sitting on the open internet.

The latest demonstration of this comes from eggheads at VPNmentor, who this week said they found two open AWS S3 buckets, one belonging to a UK consulting firm and another run by an adult webcam host.

The first leaky system was a poorly configured AWS S3 storage bucket linked to UK consulting firm CHS. It included passport scans, tax documents, background check paperwork, criminal records, and expense and benefit forms detailing several thousand business consultants working for CHS and other firms in Blighty from 2011 through 2015.

"There are at least 875,000 keys, which represent different file types, including videos, marketing materials, photographs, clips and screenshots of video chats, and zip files. Within each zip folder - and there is apparently one zip folder per model - there are often multiple additional files, and many additional items that we chose not to investigate," the VPNmentor team explained.

"The folders included could be up to 15-20 years old, but are also as recent as the last few weeks. Even for older files, given the nature of the data, it is still relevant and of equal impact as newly added files."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/15/open_s3_buckets/

#AWS #brit #buckets #internet #S3