Thailand’s largest 4G mobile operator TrueMove H encounters AWS S3 bucket data leakage

According to securityaffairs report on April 15, the largest 4G mobile operator in Thailand, TrueMove H, recently suffered a data leak. An operator disclosed a total of 46,000 data of 32 GB in the AWS S3 bucket on the Internet, including identity information. , passports, driver’s licenses and other data. According to a statement issued by TrueMove H, its subsidiary, I True Mart, has suffered the impact of this leak.

Security researcher Niall Merrigan revealed that tools such as bucket stream and bucket-finder allow scanning the Internet to open S3 AWS buckers. For example, this event used Merrigan to use the “bucket-finder” tool to discover S3 buckets that open TrueMove H. Merrigan stated that he had informed TrueMove H of this issue, but the operator did not respond.

“The output from bucket-finder showed several issues such as config files, source code and other potential information disclosures. Bucket finder only gets the top 1000 files via the AWS S3 API. To simplify things, I loaded the results into a small SQL database for analysis. I found all the sites that had 1000 files and did a quick visual scan to see what they contained and if there was a way to identify the owner if the need arose.”

Source: Security Affairs