(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]
‘Huge’ data leak exposes British consultancy firms and thousands of consultants
2020-01-14 00:00:00
Leaky servers exposed a wealth of personal and financial data held by British consultancy firms as well as thousands of professionals, ranging from expenses forms to personal names and addresses.
Thousands of sensitive files stored on an Amazon Web Services (AWS) S3 bucket had been exposed for an indeterminate amount of time after a database was found to be completely unsecured and unencrypted.
The compromised files related to the respective HR departments of a host of consultancy firms, as well as thousands of workers whose data was held by these departments.
Most of the exposed data dates back to the 2014/15 financial year, with some files even going back to 2011, although researchers with vpnMentor, who discovered the leaky database, insist the information exposed is still pertinent to cyber criminals.
“Given the nature of the files contained within the database, the information exposed is still relevant and could be used in many ways,” the researchers said.
“Had criminal hackers discovered this database, it would have been a goldmine for illicit activities and fraud, with potentially devastating results for those exposed.”
The open S3 bucket was discovered on 9 December 2019 and shut down ten days later after AWS responded to the researchers.
[END]
[1] URL:
https://www.itpro.co.uk/security/data-breaches/354532/huge-data-leak-exposes-british-consultancy-firms-and-thousands-of
[2] URL:
https://creativecommons.org/licenses/by-sa/3.0/
DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/
