UpGuard: 50.4 GB of data leaked from unprotected Amazon Web Services S3 buckets
The cyber risk team at cloud security vendor UpGuard discovered 50.4 GB of data leaked through unprotected Amazon Web Services (AWS) S3 buckets.
The 50.4 GB of data relates to Birst’s main customer, Capital One, a financial services giant based in McLean, Virginia, and the eighth-largest commercial bank in the United States. It includes configuration information for Capital One’s network infrastructure and technical information about Birst’s equipment.
According to an official blog post published by UpGuard, the data contains passwords, administrative access credentials, and private keys, and is used exclusively by Capital One’s related systems in Birst’s internal cloud environment. The attackers used this leaked data to understand how Capital One uses Birst equipment, and then to invade the IT system and dig deeper into the company’s internal information.
On January 15, 2018, Chris Vickery, director of online risk research at UpGuard, discovered the leaked data. The data was located at the “capitalone-appliance” subdomain and was accessible to any user.
They found that one of the files was named “Client.key” and contained the encryption key used to decrypt the data. Storing the key alongside the encrypted device is like leaving the key and the lock together in a public place: an attacker can use it to easily decrypt the encrypted device. The leaked data also included the username and hashed password used by Birst, and the incident completely revealed how the Birst device was constructed. With this information, attackers would be able to focus on invading Capital One and other, more extensive systems. Most noteworthy is the number of business intelligence dashboards used to connect Birst devices and other service port locations.
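The two failures described above, a bucket readable by any user and a key file stored next to the data it protects, can both be checked from a bucket's ACL, policy and object listing. The following Python sketch is an added example, not code from UpGuard, Birst or Capital One; the function names, the key-file suffix list and all sample data are assumptions constructed for illustration, with inputs shaped like an S3 bucket ACL response and a bucket policy document.

```python
import json

# Group URIs that S3 ACL grants use for "everyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# Assumption: object-name suffixes that suggest key material stored with the data.
KEY_SUFFIXES = (".key", ".pem", ".pfx", ".p12")

def _is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"}, also when given as a list."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else list(principal))

def audit_bucket(acl, policy_json, object_keys):
    """Return findings for public ACL grants, public policy statements and key files."""
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who:
            findings.append(f"ACL grants {grant['Permission']} to {who}")
    policy = json.loads(policy_json) if policy_json else {}
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for st in statements:
        # An Allow to a wildcard principal with no Condition makes the bucket public.
        public = st.get("Effect") == "Allow" and _is_wildcard(st.get("Principal", []))
        if public and not st.get("Condition"):
            findings.append(f"policy {st.get('Sid', '(no Sid)')} allows {st.get('Action')} to everyone")
    for key in object_keys:
        if key.lower().endswith(KEY_SUFFIXES):
            findings.append(f"possible private key stored with data: {key}")
    return findings

# Constructed sample input (not the real bucket's configuration or listing).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicGet", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*", "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-placeholder"}}},
]})
SAMPLE_KEYS = ["configs/network.json", "Client.key", "backups/appliance.enc"]

if __name__ == "__main__":
    print("\n".join(audit_bucket(SAMPLE_ACL, SAMPLE_POLICY, SAMPLE_KEYS)))
```

Statements that carry a Condition are skipped here rather than evaluated, so a conditional statement that is still effectively public needs manual review.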
With cryptocurrency on the rise, public AWS buckets can now also be abused for cryptocurrency mining. Recently, Tesla’s Amazon account was hacked and used to mine Monero. The incident also revealed that Tesla stored sensitive data in Amazon S3 buckets.
In addition, on February 24, 2018, researchers discovered an Amazon S3 bucket belonging to the Los Angeles Times. The hackers exploited a configuration error in the bucket to mine Monero through CoinHive’s JavaScript code. With the help of this code, the hackers were able to use the computing resources of visitors to the Los Angeles Times website to mine.
UpGuard has now removed its blog posts about Birst’s database breach. In addition, banking giant Capital One has denied this data breach.
Source: upguard