In addition to the cyber security firm, the 343GB worth of leaked data belongs to universities, an insurance firm, non-profit, and public limited firms.
If we could get a penny for every time we reported an unsecured server getting found, perhaps it would amount to vacation dollars.
In another recent incident, security researchers named Noam Rotem and Ran Locar from vpnMentor have reported on an unsecured AWS S3 bucket containing over 5.5 million files and worth 343GB of data which was found on December 20, 2019, but they could disclose it now only due to responsible disclosure practices.
The main database allegedly belongs to a US-based project management company called InMotionNow who has clients both in the States and France placing the data of a number of companies at risk. The list includes the data of the following:
Universities including Kent State & Purdue
ISC2.org – a cyber security firm
Brotherhood Mutual – an insurance company
Public limited companies such as Zagg & Myriad Genetics – both listed on the NASDAQ stock exchange
Freedom Forum Institute – a Non-profit organization & others.
According to vpnMentor’s blog post, the data exposed in the incident include business intelligence, analytic reports, internal presentations with confidential information such as customer count, company strategies, annual revenues, and product labels.
Moreover, the database also included email addresses as a part of mailing lists and finally directly related to universities, personally identifiable information (PII) including full names, physical addresses, phone numbers, donation amounts, and the credentials of donors such as their degree and year.
A screenshot of the Universities donor list exposed ..
Support the originator by clicking the read the rest link below.
