Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nagwww/s3-leaks

List of S3 Hacks
https://github.com/nagwww/s3-leaks

Last synced: 24 days ago
JSON representation

List of S3 Hacks

Awesome Lists containing this project

README

        

# s3-leaks

## List of AWS S3 Leaks

Feel free to send in a PR if you know of other leaks

|Date | Description |Notes |
| ------------- | --------------------------------------------------------------|------------- |
|Oct 2023 | India’s national logistics portal exposed sensitive personal data, trade records| Exposed sensitive personal data and various state and private trade records.|
|Aug 2022 | Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'| That is sure a lot of data on S3|
|July 2022 | McGraw Hill's S3 buckets exposed 100,000 students' grades and personal info| 22 TB of data and over 117 million files|
| Aug2020 | S3 bucket mess up exposed 182GB of senior US, Canada citizens data|The misconfigured S3 bucket was owned by SeniorAdvisor, a consumer ratings and reviews website. |
| July2020 |
Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK|Attackers tried to update the javascript library hosted on the s3 buckets so this can be picked up by other clients |
|Jan 2020 |
"Exposed AWS buckets again implicated in multiple data leaks"| Passport scans, tax documents, background checks, job applications, expense claims, contracts, emails and salary details relating to thousands of consultants working in the UK were exposed.|
|June 2020 | "7.2 million records were exposed, but not from the BHIM app"| | |
| Oct 2018|
Misconfigured database breaches thousands of MedCall Advisors patient files|names, email and postal addresses, phone numbers, dates of birth and Social Security numbers. Other files had recordings of patient evaluations and conversations with doctors, along with medications, allergies and other detailed personal health data.|
| Jun 2019|AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank|Attunity, an Israeli IT firm that provides data management, warehousing, and replication services for the world's biggest companies, has exposed some of its customers' data after it left three Amazon S3 buckets exposed on the internet without a password.|
| May 2019 | How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups ||
| Mar 2018|Medical Records and Patient-Doctor Recordings Were Exposed|information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured||
| Mar 2018|Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users|addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords||
| Feb 2018 | S3 bucket open to world : Octoly|real names, addresses, phone numbers, email addresses|
| Jan 22 | Sensitive medical records on AWS bucket found to be publicly accessible ||
| Dec 2017 | Alteryx leave S3 bucket open for anonymous user : 120m american households exposed|Home addresses, contact information, mortgage status, financial histories|
| Nov 2017|
111 GB of internal customer information from National Credit Federation, a Tampa, Florida-based credit repair service|- SSN - Drivers licesne, credit reports |
| Nov 2017| Uber, the hack happend couple months back was brought to light in Nov 2017>|personal information of 57 million Uber users and driver's license numbers |
|Nov 2017 |
NSA leak exposes Red Disk, the Army's failed intelligence system|100 gigabytes of data from an Army intelligence project, codenamed "Red Disk."|
| Nov 2017 |
Australia data leak: Nearly 50,000 government and private staffers’ sensitive data publicly exposed|S3 bucket left open by a contractor|
| Oct 2017 | How A Cloud Leak Exposed Accenture's Business||
| Oct 2017 | Patient Home Monitoring Service Leaks Private Medical Data Online| publically accessible Amazon S3 47.5 GB / 316,363 |
|Sep 2017 | Viacom : Open S3 bucket with AWS Keys, passwords, other sensitive info |S3 bucket open to the world|
| Sep 2017 | Leaky S3 bucket sloshes deets of thousands with US security clearance| - Bucket open to the world in the test account|
|Sep 2017 | Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak ||
|August 2017 | Indian Creditseva Data Breach ||
|August 2017 | Open AWS S3 bucket leaked hotel booking service data | |
| July 2017 | S3 bucket was set to authenticate all AWS users, not just Dow Jones users||
|July 2017 | Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More
| July 2017 | Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet | |
|June 2017 | Personal information belonging to more than 198 million registered U.S. voters was exposed
|May 2017 | Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password ||
|May 2017 | Security company finds unsecured bucket of US military images on AWS ||
| April 2017 | A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed | |
| Feb 2017 | CHILDREN’S VOICE MESSAGES LEAKED IN CLOUDPETS DATABASE BREACH ||
| Jan 2017 | Paytm S3 bucket misconfiguration allowing PUT operations ||
| March 2013 | Thousands of Amazon S3 buckets left open exposing private data | |

## ElasticSearch
|Date | Description |Notes |
| ------------- | --------------------------------------------------------------|------------- |
| Sep 2017 | AWS hosted elastic search servers hijacked | |