As misconfigured Amazon servers continue to leak sensitive data Australian Broadcasting Corporation (ABC) is the latest culprit of administrators not properly securing their cloud servers.
One week prior to the incident Amazon announced its new S3 encryption and security features aimed at reducing S3 misconfiguration leaks, a move researchers praised as a step in the right direction while warning administrators will still need to do their part.
Kromtech Security researchers discovered the firm had left two AWS S3 buckets insecure leaking sensitive information.
The leak was indexed by Censys, a public search engine that enables researchers to ask questions about the hosts and networks that compose the Internet, and identified by the researchers on November 14th during a security audit, according a Nov. 16 blog post.
Thousands of emails, login credentials, ABC Commercial users hashed passwords, and media producers’ requests for licensed content were exposed in the latest incident along with a secret access key and login details for another repository, with advance video content and 1,800 daily MySQL database backups from 2015 to present.
This wasn’t the first time ABC leaked sensitive information. In 2013, ABC’s website was hacked revealing sensitive information of around 50,000 users including usernames, email addresses, password hashes, and other user details.