Over 100GB of Secret Consumer Credit Data Leaked Online

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Some 111GB of highly sensitive information including consumer credit histories has been exposed by the National Credit Federation as the result of yet another misconfigured Amazon Web Services (AWS) S3 cloud storage bucket.

UpGuard’s noted director of cyber risk research, Chris Vickery, made the discovery in early October. The cloud database was configured for public access, meaning anyone entering the repository’s URL could access and download the its contents.

Although the leak affected only around 40,000 consumers, the data concerned is highly sensitive, including credit reports from the big three agencies — Equifax, Experian and TransUnion.

“Exposed among the leaked files were such sensitive documents and details as customer names, addresses, dates of birth, driver’s license and Social Security card images, credit reports from all three major agencies, personalized credit blueprints containing detailed financial histories, and full credit card and bank account numbers,” explained UpGuard’s Dan O’Sullivan.
“How many more buckets of this type, containing the most compromising personal and financial details imaginable, are out there, totally unsecured and awaiting discovery by the first bad guy to find them?”

He argued that the leaked data could easily be used by hackers to commit identity theft.

The leak follows countless more before it, all the result of basic misconfiguration mistakes. Just this week another Pentagon snafu was revealed after UpGuard discovered highly classified data belonging to the United States Army Intelligence and Security Command (INSCOM).

In response to growing security concerns around the public cloud, Amazon Web Services this week launched GuardDuty, a new threat detection service also designed to spot misconfigurations.

However, experts argued the tool may not have the impact Amazon hopes.

“The problem is that Amazon can only scratch the surface of the real issue. Ultimately, GuardDuty is another source of data and alerts that can feed into SIEM, and simply giving more alerts doesn’t make organizations any more secure,” said Awake Security CEO, Michael Callahan.

“Ensuring those alerts are prioritized, investigated and resolved in a timely manner is the key. From a security analyst standpoint, it can be easy for more alerts to get lost in the noise they experience every day.”
 
F

ForgottenSeer 58943

Again.. AWS.. 18 months ago my crusade warning people about AWS began... That was after a 'project' dealing with AWS revealed things that scared the hell out of me. It's when my journey to remove all of my life from AWS began..

:unsure:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top