Breach, Cloud Security, Data Security, Network Security, Security Strategy, Plan, Budget

Misconfigured Amazon S3 server leaks Australian Broadcasting Corporation

As misconfigured Amazon servers continue to leak sensitive data Australian Broadcasting Corporation (ABC) is the latest culprit of administrators not properly securing their cloud servers.

One week prior to the incident Amazon announced its new S3 encryption and security features aimed at reducing S3 misconfiguration leaks, a move researchers praised as a step in the right direction while warning administrators will still need to do their part.  

Kromtech Security researchers discovered the firm had left two AWS S3 buckets insecure leaking sensitive information.

The leak was indexed by Censys, a public search engine that enables researchers to ask questions about the hosts and networks that compose the Internet, and identified by the researchers on November 14th during a security audit, according a Nov. 16 blog post.   

Thousands of emails, login credentials, ABC Commercial users hashed passwords, and media producers' requests for licensed content were exposed in the latest incident along with a secret access key and login details for another repository, with advance video content and 1,800 daily MySQL database backups from 2015 to present.

This wasn't the first time ABC leaked sensitive information. In 2013, ABC's website was hacked revealing sensitive information of around 50,000 users including usernames, email addresses, password hashes, and other user details.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.