Domain: upguard.com
Stories and comments across the archive that link to upguard.com.
Stories · 8
-
Millions of Facebook Records Found on Amazon Cloud Servers (bloomberg.com)
Researchers at UpGuard, a cybersecurity firm, found troves of Facebook user information hiding in plain sight, inadvertently posted publicly on Amazon.com's cloud computing servers. From a report: The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users' information is online, companies that control that information at every step still haven't done enough to seal up private data, Bloomberg News reports. In one instance, Mexico City-based media company Cultura Colectiva openly stored 540 million records on Facebook users, including identification numbers, comments, reactions and account names. That database was closed on Wednesday after Bloomberg alerted Facebook to the problem and Facebook contacted Amazon. Facebook shares pared their gains after the Bloomberg News report. UpGuard adds: The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers. As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.
-
Oklahoma Government Data Leak Exposes FBI Investigation Records, Millions of Department Files (zdnet.com)
An anonymous reader quotes a report from ZDNet: Researchers have disclosed the existence of a server exposed to the public which not only contained terabytes of confidential government data but information relating to FBI investigations. According to UpGuard cybersecurity researchers Greg Pollock and Chris Vickery, the open storage server belonged to the Oklahoma Department of Securities (ODS), a U.S. government department which deals with securities cases and complaints. The database was found through the Shodan search engine which registered the system as publicly accessible on November 30, 2018.
The UpGuard team stumbled across the database on December 7th and notified the department a day later after verifying what they were working with. To ODS' credit, the department removed public access to the server on the same day. In order to examine the security breach, the team was able to download the server's contents. The oldest records dated back to 1986 and the most recent was timestamped in 2016. In total, three terabytes of information representing millions of files. Contents ranged from personal data to system credentials and internal communication records. ODS said in a statement to ZDNet: "All state IP addresses, and many city and county addresses, are registered to OMES, but the agency has no visibility into the computer systems at the Oklahoma Department of Securities. For the past eight years the state has been working to consolidate all IT infrastructure under OMES and ODS had the option to consolidate its systems voluntarily and they did not." -
An ISP Left Corporate Passwords, Keys, and All Its Data Exposed On the Internet (vice.com)
Security researchers at UpGuard discovered that a Washington-based ISP called Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for months. "Said bucket, named 'pinapp2,' contained the 'keys to the kingdom,' according to the security firm, including internal network diagramming, network hardware configuration photos, details and inventory lists -- as well as lists of plain text passwords and AWS secret keys for Pocket iNet employees," reports Motherboard. From the report: Upguard says the firm contacted Pocket iNet on October 11 of this year, the same day the exposed bucket was discovered, but the ISP took an additional week before the data was adequately secured. "Seven days passed before Pocket iNet finally secured the exposure," noted the firm. "Due to the severity of this exposure, UpGuard expended significant effort during those seven days, repeatedly contacting Pocket iNet and relevant regulators, including using contact information found within the exposed dataset."
According to UpGuard, the list of plain text passwords was particularly problematic, given it provided root admin access to the ISP's firewalls, core routers and switches, servers, and wireless access points. "Documents containing long lists of administrative passwords may be convenient for operations, but they create single points of total risk, where the compromise of one document can have severe and extensive effects throughout the entire business," noted UpGuard. "If such documents must exist, they should be strongly encrypted and stored in a known secure location," said the firm. "Unfortunately, a single folder of PocketiNet's network operation historical data (non-customer) was publicly accessible to Amazon administrative users," the ISP said in a statement to Motherboard. "It has since been secured." -
AWS Error Exposed GoDaddy Business Secrets (zdnet.com)
Internal information belonging to hosting provider GoDaddy has been exposed via an error in Amazon's AWS bucket configuration. According to cybersecurity firm UpGuard, a set of documents were left in an Amazon S3 bucket which was available to the public. ZDNet reports: The information involved in the security breach appeared to describe GoDaddy's architecture, as well as "high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios," according to UpGuard. Configuration files for hostnames, operating systems, workloads, AWS regions, memory, CPU specifications, and more were included in the exposed cache, which described at least 24,000 systems.
"Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields," the cybersecurity firm said. The open bucket, called "abbottgodaddy," also included what the company believes to be business information relating to GoDaddy and Amazon AWS' relationship, including rate negotiations. This information should have been kept confidential. The open bucket, called "abbottgodaddy," also included what the company believes to be business information relating to GoDaddy and Amazon AWS' relationship, including rate negotiations. This information should have been kept confidential. -
Cloud-Based Repository Leak Exposes 123 Million American Households (zdnet.com)
"An Amazon Web Services (AWS) S3 cloud storage bucket containing information from data analytics firm Alteryx has been found publicly exposed, comprising the personal information of 123 million U.S. households," reports ZDNet. "The S3 bucked, located at the subdomain 'alteryxdownload,' was found by California cybersecurity firm UpGuard, with its Cyber Risk Team discovering the leak on October 6, 2017." From the report: The 36 GB data file titled "ConsumerView_10_2013" contained over 123 million rows, each one signifying a different American household. A similar file was seen by UpGuard when the personal details of 198 million American voters, compiled in a dataset by a data firm used by the Republican National Committee, were exposed. To highlight the breadth of the issue, UpGuard said the exposed data reveals over 3.5 billion fields of personally identifying details and data points about virtually every American household, including racial and ethnic information. The spreadsheet uses anonymized identifiers, but the information in the other few billion fields are very detailed, UpGuard said. Home addresses, contact information, mortgage status, financial histories, and very specific analysis of purchasing behavior -- such as domestic travel habits, if someone is a cat enthusiast, and their sporting interests -- is up for grabs in the exposed data. As for how this happened, ZDNet says, "the bucket was configured via permission settings to allow any AWS 'Authenticated Users' to download its stored data. Authenticated users are any user that has an AWS account." -
Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets (theregister.co.uk)
An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia.
"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism. -
Thousands of Job Applicants Citing Top Secret US Government Work Exposed In Amazon Server Data Breach (gizmodo.com)
According to Gizmodo, "Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server, potentially for most of the year." From the report: The files have been traced back to TigerSwan, a North Carolina-based private security firm. But in a statement on Saturday, TigerSwan implicated TalentPen, a third-party vendor apparently used by the firm to process new job applicants. "At no time was there ever a data breach of any TigerSwan server," the firm said. "All resume files in TigerSwan's possession are secure. We take seriously the failure of TalentPen to ensure the security of this information and regret any inconvenience or exposure our former recruiting vendor may have caused these applicants. TigerSwan is currently exploring all recourse and options available to us and those who submitted a resume."
Found on an insecure Amazon S3 bucket without the protection of a password, the cache of roughly 9,400 documents reveal extraordinary details about thousands of individuals who were formerly and may be currently employed by the U.S. Department of Defense and within the U.S. intelligence community. The files, unearthed this summer by a security analyst at the California-based cybersecurity firm UpGuard, were discovered in a folder labeled "resumes" containing the curriculum vitae of thousands of U.S. citizens holding Top Secret security clearances -- a prerequisite for their jobs at the Central Intelligence Agency, the National Security Agency, and the U.S. Secret Service, among other government agencies. -
198 Million Americans Hit By 'Largest Ever' Voter Records Leak (zdnet.com)
Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server, reports say. From a ZDNet article: It's believed to be the largest ever known exposure of voter information to date. The various databases containing 198 million records on American voters from all political parties were found stored on an open Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics. UpGuard cyber risk analyst Chris Vickery, who found the exposed server, verified the data. Through his responsible disclosure, the server was secured late last week, and prior to publication. This leak shines a spotlight on the Republicans' multi-million dollar effort to better target potential voters by utilizing big data. The move largely a response to the successes of the Barack Obama campaign in 2008, thought to have been the first data-driven campaign. Further reading: Republican Data-Mining Firm Exposed Personal Information for Virtually Every American Voter - The Intercept; The RNC Files: Inside the Largest US Voter Data Leak - Upguard; Data on 198M voters exposed by GOP contractor Data On 198M Voters Exposed By GOP Contractor - The Hill.