Breach, Data Security, Network Security

Another misconfigured Amazon S3 server leaks data of 50,000 Australian employees

Another misconfigured Amazon server has resulted in the exposure of personal data - this time on 50,000 Australian employees that were left unsecure by a third-party contractor.

This is country's second largest data breach since the information of 550,000 blood donors was leaked last year.

Records including full names, passwords, salaries, IDs, phone numbers, and some credit card data were left exposed with 25,000 of the records coming from AMP Ltd, 17,000 records belonging to Cimic Group Ltd. subsidiary UGL Ltd, 4,770 from Australian government departments, and 1,500 from Rabobank, according to iTnews.

None of the organizations impacted named the third party responsible. A Polish researcher by the moniker “Wojciech” spotted the exposed server by conducting a search for Amazon S3 buckets set to open, with “dev”, “stage”, or “prod” in the domain name, and containing specific file types like xls, zip, pdf, doc and csv.

The database backups were made in March 2016 and Wojciech told the publication most of the credit card numbers had been cancelled and that many of the records were available in duplicate. Even though the payment information may be useless, researchers warn the stolen information could still be used in conjunction with other information for social engineering attacks and to break into other sites if credentials are shared between platforms.

“In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for myriad criminal activities, both on the Internet and in the physical world,” Lisa Baergen, director at NuData Security told SC Media. “Using these real identities, and sometimes fake identities with valid credentials, they'll take over accounts, apply for loans and much more. Every hack has a snowball effect that far outlasts the initial breach.”

Baergen added that any personal information can be valuable to fraudsters and that everything that can be used to compile an identity will be used. To protect themselves, users should enable two factor authentication whenever possible.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.