Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server

A Florida-based credit repair company left 111 gigabytes of extremely sensitive customer information and internal company data publicly accessible on the internet possibly for up to two years. The National Credit Federation publicly exposed 47,000 files that included customer names, addresses, dates of birth, driver’s licenses, Social Security cards, credit reports, financial histories, credit card numbers and bank account numbers, according to Chris Vickery, a researcher at the cybersecurity firm UpGuard. File upload dates suggest the public exposure extends back to June 2015. Vickery discovered the data after finding an Amazon Web Services S3 cloud storage bucket used by the company was configured for public access. NCF’s exposure is the latest in a string of organizations leaving sensitive data accessible by the public via an S3 instance. There have been similar incidents impacting the National Security Agency, Department of Defense, Viacom and Verizon, all of which have been discovered by Vickery “This wasn’t secure whatsoever,” Vickery said of […]

The post Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server appeared first on Cyberscoop.

Continue reading Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server

Viacom cloud config goof exposed Paramount Pictures, Comedy Central, MTV, and more

Carelessness is believed to have exposed access credentials and other critical information assets owned by media giant Viacom Inc, leaving them viewable by anyone with an internet connection.
David Bisson reports.
Continue reading Viacom cloud config goof exposed Paramount Pictures, Comedy Central, MTV, and more

Viacom cloud config goof exposed Paramount Pictures, Comedy Central, MTV, and more

Carelessness is believed to have exposed access credentials and other critical information assets owned by media giant Viacom Inc, leaving them viewable by anyone with an internet connection.
David Bisson reports.
Continue reading Viacom cloud config goof exposed Paramount Pictures, Comedy Central, MTV, and more

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

Viacom—the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server.

A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket

Continue reading Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

Viacom left master keys exposed on a public AWS server

The American media giant Viacom left one gigabyte of sensitive files publicly exposed, according to researchers from the cybersecurity firm UpGuard. It’s the latest in a long string of incidents in which a wide spectrum of companies have found out that moving to cloud computing like Amazon Web Services can come with cybersecurity pitfalls resulting from misconfiguration mistakes. The exposed files included Viacom’s secret cloud keys — information that a hacker could have used to take control of the company’s cloud servers. “Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies,” UpGuard’s Dan O’Sullivan explained. “The potential nefarious acts made possible by this cloud leak could have resulted in grave reputational and business damages for Viacom, on a scale rarely seen.” UpGuard researcher Chris Vickery originally found the leak Aug. 30 and notified Viacom the […]

The post Viacom left master keys exposed on a public AWS server appeared first on Cyberscoop.

Continue reading Viacom left master keys exposed on a public AWS server