silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,165
A US-based used electronics retailer has exposed over 2.6 million files, including ID cards and biometric images, after a misconfigured AWS S3 bucket was discovered.
Researchers at Website Planet traced the instance back to California-based TronicsXchange, previously trading as GreenElectronicsExchange (GEEx).
A random scan for server vulnerabilities led to the discovery of the wide open S3 bucket on October 12 2020. The company itself appeared to be shuttered, with an invalid contact email and its website offline, but Website Planet contacted AWS two days later and the issue was eventually remediated.
“TronicsXchange’s misconfigured bucket contained an extensive set of personal information including personal identifiable information that can be harnessed by nefarious hackers to cause severe financial, social and reputational damage to those affected by the leak,” they argued.
“Furthermore, given the fact that government-issue documents were exposed, nefarious users could potentially conduct identity fraud across different platforms and institutions. Users’ true likenesses, copies of official documentation and contact details could be harnessed to conduct identity theft.”
Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak
AWS S3 bucket managed by TronicsXchange is found online
www.infosecurity-magazine.com