CENTCOM Says Massive Data Cache Found on Leaky Server is Benign

Pentagon contractor left 1.8 billion mostly benign publicly accessible social-media posts scraped from the internet on a publicly accessible Amazon storage bucket. Continue reading CENTCOM Says Massive Data Cache Found on Leaky Server is Benign

Pentagon left AWS databases publicly exposed

A Department of Defense database containing 1.8 billion scraped internet posts over a span of eight years was left publicly exposed, according to researchers from the cybersecurity firm UpGuard. Researcher Chris Vickery discovered the trove, first reported by CNN. Vickery and UpGuard have made a name for themselves sniffing out mistakenly publicly exposed databases over the last year including data on 200 million voters, one gigabyte of sensitive files from Viacom and information on 14 million Verizon customers. “With evidence that the software employed to create these data stores was built and operated by an apparently defunct private-sector government contractor named VendorX, this cloud leak is a striking illustration of just how damaging third-party vendor risk can be, capable of affecting even the highest echelons of the Pentagon,” UpGuard’s Dan O’Sullivan wrote in a blog post. In June, Vickery found 60,000 sensitive files left publicly exposed by leading U.S. government contractor Booz Allen Hamilton. Vickery found the exposed […]

The post Pentagon left AWS databases publicly exposed appeared first on Cyberscoop.

Continue reading Pentagon left AWS databases publicly exposed

Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket

Global consulting firm Accenture is the latest giant organization leaving sensitive internal and customer data exposed in a publicly available Amazon Web Services S3 storage bucket. Continue reading Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket

Viacom left master keys exposed on a public AWS server

The American media giant Viacom left one gigabyte of sensitive files publicly exposed, according to researchers from the cybersecurity firm UpGuard. It’s the latest in a long string of incidents in which a wide spectrum of companies have found out that moving to cloud computing like Amazon Web Services can come with cybersecurity pitfalls resulting from misconfiguration mistakes. The exposed files included Viacom’s secret cloud keys — information that a hacker could have used to take control of the company’s cloud servers. “Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies,” UpGuard’s Dan O’Sullivan explained. “The potential nefarious acts made possible by this cloud leak could have resulted in grave reputational and business damages for Viacom, on a scale rarely seen.” UpGuard researcher Chris Vickery originally found the leak Aug. 30 and notified Viacom the […]

The post Viacom left master keys exposed on a public AWS server appeared first on Cyberscoop.

Continue reading Viacom left master keys exposed on a public AWS server

Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket

Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket. Continue reading Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket

Engineering Firm Leaks Sensitive Data on Dell, SBC and Oracle

Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet tied to Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin. Continue reading Engineering Firm Leaks Sensitive Data on Dell, SBC and Oracle

200 million registered voters exposed due to open AWS repository

A misconfigured database containing sensitive personal information of 198 million American voters was left exposed to the internet for 12 days by a Republican data analysis firm, the largest known data exposure of its kind. According to UpGuard Cyber Risk Analyst Chris Vickery, republican contractors Deep Root Analytics, TargetPoint consulting, Inc. and Data Trust stored the data on a public cloud owned by Deep Root Analytics. The names, dates of birth, home addresses, phone numbers, and voter registration details of nearly all of America’s registered voters were exposed, including “modeled” data of voter ethnicities and religions. The enormous amount of political data, compiled by the RNC and contracting firms after Mitt Romney’s loss in the 2012 presidential election, held around 9.5 billion data points of three out of five americans, grading the 198 million registered voters on political leanings across forty-eight categories using algorithmic modeling. Vickery discovered the Amazon Web Services S3 […]

The post 200 million registered voters exposed due to open AWS repository appeared first on Cyberscoop.

Continue reading 200 million registered voters exposed due to open AWS repository