French marketing firm publicly exposes sensitive data of over 12,000 clients

Prominent French marketing firm Octoly accidentally publicly exposed an Amazon Web Services S3 cloud storage bucket containing sensitive information about the company’s IT operations as well as the firm’s thousands of clients, according to a report from the cybersecurity firm UpGuard. Octoly, which just got a $10 million investment round, is a marketing firm that connects companies and influencers for native advertising opportunities in the popular and lucrative worlds of beauty and video game blogging. The firm works with Sephora, Dior, Yves Saint Laurent and Blizzard Entertainment as well as popular “influencers” on social media — i.e. people with a large following. Over 12,000 Octoly clients had sensitive data exposed as a result of a misconfigured AWS account including real names, addresses, phone numbers, email addresses, birth dates and hashed user passwords for the individual influencers. On the brand side, Octoly’s analytics for each specific brand were publicly exposed as well. “Octoly’s potential business […]

The post French marketing firm publicly exposes sensitive data of over 12,000 clients appeared first on Cyberscoop.


Another cloud leak shows AWS can only do so much to protect data

It’s getting to the point where if you blink, you might miss another story about the accidental exposure of sensitive data stored in a public cloud instance. Case in point: cybersecurity firm UpGuard recently found 36GB of data from the U.S. Census Bureau and consumer credit reporting agency Experian. The data, which was stored by data analytics firm Alteryx, was inadvertently exposed on an Amazon Web Services S3 cloud storage bucket. Experian has called the incident — which affects 123 million U.S. households — “an Alteryx issue,” even as the credit monitoring firm’s customers were directly impacted. UpGuard researcher Chris Vickery told CyberScoop that regardless of what organization is storing data, third-party vendor risk should be a point of concern for all involved. “Third-party vendor risk is a problem for both parties,” Vickery said. “Look at it this way: If you store your valuables in a bank vault, and the bank forgets to […]

The post Another cloud leak shows AWS can only do so much to protect data appeared first on Cyberscoop.


Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server

A Florida-based credit repair company left 111 gigabytes of extremely sensitive customer information and internal company data publicly accessible on the internet possibly for up to two years. The National Credit Federation publicly exposed 47,000 files that included customer names, addresses, dates of birth, driver’s licenses, Social Security cards, credit reports, financial histories, credit card numbers and bank account numbers, according to Chris Vickery, a researcher at the cybersecurity firm UpGuard. File upload dates suggest the public exposure extends back to June 2015. Vickery discovered the data after finding an Amazon Web Services S3 cloud storage bucket used by the company was configured for public access. NCF’s exposure is the latest in a string of organizations leaving sensitive data accessible by the public via an S3 instance. There have been similar incidents impacting the National Security Agency, Department of Defense, Viacom and Verizon, all of which have been discovered by Vickery. “This wasn’t secure whatsoever,” Vickery said of […]

The post Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server appeared first on Cyberscoop.


Top secret Army, NSA data found on public internet due to misconfigured AWS server

A misconfigured Amazon Web Services server operated by the U.S. Army’s Intelligence and Security Command was publicly available on the open internet, according to findings by UpGuard researcher Chris Vickery. The hard drive’s content, which included classified material belonging to the National Security Agency, was stored on an unprotected, unlisted server, containing information about an outdated Army intelligence sharing project codenamed “Red Disk.” Red Disk represents a defunct project that was previously spearheaded by INSCOM in order to improve one of the Army’s legacy platforms known as the distributed common ground system (DCGS). Red Disk was meant to act as a customizable cloud system for soldiers and other operators in the field to access, organize and share active reports regarding military activities, including information gathering efforts. The publicly accessible files provide an overview of how Red Disk functioned and could have been deployed. Other confidential information stored on the disk image included a […]

The post Top secret Army, NSA data found on public internet due to misconfigured AWS server appeared first on Cyberscoop.


Pentagon left AWS databases publicly exposed

A Department of Defense database containing 1.8 billion scraped internet posts over a span of eight years was left publicly exposed, according to researchers from the cybersecurity firm UpGuard. Researcher Chris Vickery discovered the trove, first reported by CNN. Vickery and UpGuard have made a name for themselves sniffing out mistakenly publicly exposed databases over the last year including data on 200 million voters, one gigabyte of sensitive files from Viacom and information on 14 million Verizon customers. “With evidence that the software employed to create these data stores was built and operated by an apparently defunct private-sector government contractor named VendorX, this cloud leak is a striking illustration of just how damaging third-party vendor risk can be, capable of affecting even the highest echelons of the Pentagon,” UpGuard’s Dan O’Sullivan wrote in a blog post. In June, Vickery found 60,000 sensitive files left publicly exposed by leading U.S. government contractor Booz Allen Hamilton. Vickery found the exposed […]

The post Pentagon left AWS databases publicly exposed appeared first on Cyberscoop.


Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket

Global consulting firm Accenture is the latest giant organization leaving sensitive internal and customer data exposed in a publicly available Amazon Web Services S3 storage bucket.

Viacom left master keys exposed on a public AWS server

The American media giant Viacom left one gigabyte of sensitive files publicly exposed, according to researchers from the cybersecurity firm UpGuard. It’s the latest in a long string of incidents in which a wide spectrum of companies have found out that moving to cloud computing like Amazon Web Services can come with cybersecurity pitfalls resulting from misconfiguration mistakes. The exposed files included Viacom’s secret cloud keys — information that a hacker could have used to take control of the company’s cloud servers. “Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies,” UpGuard’s Dan O’Sullivan explained. “The potential nefarious acts made possible by this cloud leak could have resulted in grave reputational and business damages for Viacom, on a scale rarely seen.” UpGuard researcher Chris Vickery originally found the leak Aug. 30 and notified Viacom the […]

The post Viacom left master keys exposed on a public AWS server appeared first on Cyberscoop.
