Late this week, reports of two separate Amazon S3 data breaches surfaced. These included the discovery of a huge archive of social media posts that was scraped from the Internet and published by the U.S. Department of Defense.
Security researchers at UpGuard discovered that three Amazon S3 buckets were publicly accessible and contained DoD surveillance data. UpGuard is no stranger to identifying instances of Amazon S3 misconfigurations. The buckets contained at least 1.8 million records of individual Internet posts from 2009 to February 2017.
UpGuard traced the buckets’ data to two U.S. military organizations: the U.S. Central Command (CENTCOM), which manages U.S. operations in Egypt, Saudi Arabia, Iran, Pakistan, and Kazakhstan, and the U.S. Pacific Command (PACOM), which oversees operations throughout the Asia-Pacific. VendorX, a government contractor that appears to be defunct, managed the buckets.
The data in the buckets included civilians’ Facebook posts and comments, as well as forum posts, discussion groups, and tweets. According to UpGuard, the data seemed to cover a wide range of individuals. Farsi, Arabic, and other Central and South Asian languages were all represented. Some posts were made by Americans, while others were from foreign sites. Some were political, while others appeared completely benign.
It’s now commonplace to remind organizations to ensure that their Amazon S3 buckets do not allow public access. This is especially important after months of publicized data leaks from misconfigured buckets. According to UpGuard researchers, the scope of this leak raises serious concerns about the legality and extent of US citizen surveillance.
They stated that it was not clear why, or for what purpose, the data was accumulated. This suggests that most of the captured posts were sourced from law-abiding civilians around the world.
ABC Data Leak
The DoD was not the only organization exposed. The Australian Broadcasting Corporation (ABC) was also reported to have exposed significant amounts of critical data through a misconfigured Amazon S3 bucket.
Kromtech Security reported Thursday that it discovered buckets that were publicly accessible. These buckets belonged to ABC’s commercial arm, which is responsible for the network’s retail sales. Kromtech said that the buckets contained information largely derived from backups of ABC’s MySQL database. There were “several thousand emails, logins, password hashes for ABC Commercial users”, as well as those of “well-known media members.”
The information exposed also included log-in information and security key information for an ABC data repository, data from content licensing agreements with other media companies, and nearly 2000 MySQL database backups that date back to 2015.
According to Kromtech, ABC confirmed the exposure on Friday with a brief note.
News of both data leaks came less than two weeks after AWS launched new security capabilities specifically for Amazon S3 environments.