Security News > 2020 > February > Oh buoy. Rich yacht bods' job agency leaves 17,000 sailors' details exposed in AWS bucket

Oh buoy. Rich yacht bods' job agency leaves 17,000 sailors' details exposed in AWS bucket
2020-02-04 17:46

A private yacht crew recruitment agency has left an AWS bucket containing the CVs, passports and even some drug test results for up to 17,000 people exposed to world+dog, according to reports.

Crew & Concierge - a jobs firm in Bath, England, that targets "High net worth individuals", yacht captains, and management companies searching for seafarers to crew private yachts - left an Amazon Web Services S3 bucket open to anyone and everyone for around 11 months starting in February 2019.

In a statement to Verdict, Crew & Concierge director Sara Duncan blamed "The team of developers we had hired" for the bucket being left open, saying she had trusted the devs to "Do a competent job" of securing "Personal and sensitive personal information relating to our registered crew".

Such so-called "Advanced tools" include the search engine Gray Hat Warfare, which does for AWS buckets what Shodan does for IoT devices carelessly and inappropriately left accessible by the public.

The Register has asked Crew & Concierge for comment.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/04/crew_and_concierge_data_breach/