Over 750,000 birth and death certificate applications exposed online from unsecured Amazon Web Services cloud bucket. The data exposed online by an unknown company that supplies data to state governments.
The unsecured bucket was discovered by U.K.-based cybersecurity company Fidus Information Security. The bucket has no password protection, anyone with the link can access the records.
The bucket found to be created in 2017 and the bucket was updated daily, “In one week, the company added about 9,000 applications to the bucket,” reads Techcrunch post.
The exposed data includes the following data such as “name, date of birth, current home address, email and phone number, names of family members, historical information (i.e. addresses), or the reason behind applying for the documents.”
Techcrunch was able to verify the integrity of the data by matching names and addresses against public records.
The company name was not revealed, Fidus and TechCrunch attempted to reach the company via email but no response, they reached Amazon “said it would inform the customer.”
Amazon S3 is one of the leading cloud storage solutions it was launched in 2006, you can store any data with the S3 buckets.
The Amazon S3 buckets leak became prominent now as several companies suffered the leak, the most common cause for the data leak is the misconfigured security settings. Amazon has introduced several security updates to protect the buckets, but still misconfigured S3 buckets exist.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates
Also Read
Hospital in New York Hacked with Ransomware – Permanently Lost the Patient Records
