Similarly to what I have done in 2021, I am now collecting the incidents due to cloud misconfigurations and leading to the exposure of data. Unfortunately despite the growing risks and awareness this trend does not seem to slow down.
During 2021, AWS S3 accounted for roughly 60% of breaches. Let’s see if it will retain its leadership in this particular chart even in 2022. So far it looks like things are not going to change…
Expand for details
Leaky services
No Data Found
Leaky Sectors
No Data Found
Date Reported
Date Discovered
Organization
Description
Cloud Service
Data Exposed
Country
Link
Sector
24/01/2022
28/10/2021
Securitas
An unsecured AWS S3 bucket exposes sensitive data belonging to airport employees across Colombia and Peru.
AWS
Approx. 3TB of data with 1.5M files
CO
PE
Administration and support service
27/01/2022
06/10/2021
ePallet
An Amazon S3 bucket owned by the American wholesale and logistics platform ePallet Inc. is misconfigured, exposing the data of hundreds of other businesses in the process.
AWS
Over 2.5 million files, totalling 600+ GB of data
US
Administration and support service
01/02/2022
05/12/2021
British Council
Hundreds of thousands of British Council students have their personal and login details exposed after a Microsoft Azure Blob is left misconfigured
Microsoft Azure
Approx. 144K+ of xmal, json and xls/xlsx files
UK
Education
02/02/2022
28/10/2021
Civicom
A misconfigured Amazon S3 bucket belonging to Civicom ia responsible for exposing thousands of audio and video recordings of the company’s clients.
AWS
Over 8TB of data with 100,000+ files
US
Information and communication
08/02/2022
-
GiveSendGo
GiveSendGo, a donation site, leaves an S3 bucket containing over 50 gigabytes of files
AWS
50GB of data
US
Other service activities
14/02/2022
09/09/2021
Beetle Eye
A misconfigured AWS S3 bucket exposes the data of Beetle Eye, a US marketing automation platform.
AWS
Approx. 1+ GB of data with 6K files belonging to 7M individuals
US
Professional, scientific and technical
14/02/2022
23/01/2022
FlexBooker
FlexBooker exposes the sensitive data of millions of customers.
AWS
Approx. 172GB of data with 19M files
US
Administration and support service
15/02/2022
08/12/2021
MemberNova
A misconfigured instance of the MemberNova association management software leaves the personal information of "millions*" of Internet Society (ISOC) members exposed on the internet.
Microsoft Azure
Millions of files with personal and login details belonging to ISOC members
CA
Professional, scientific and technical
21/02/2022
8/11/2021
Melijoe
An Amazon S3 bucket owned by Melijoe is left accessible without authentication controls in place, exposing sensitive and personal data for potentially hundreds of thousands of customers.
AWS
Around 200 GB with nearly 2 million files belonging to up to 200,000 users
FR
Wholesale and retail
22/03/2022
11/11/2021
Doctors Me
An Amazon S3 bucket owned by Doctors Me is left open without proper access authorization and authentication controls in place, exposing sensitive data for around 12,000 people.
AWS
More than 300,000 files belonging to around 12,000 users for a total of 30 GB.
JP
Human health and social work
06/04/2022
11/11/2021
CashMama
CashMama, a defunct money lending platform based in India, which exposed a comprehensive array of customer data
AWS
Over 1TB containing the data of Around 200-600K users.
IN
Finance and insurance
29/04/2022
11/11/2021
Breastcancer.org
Breastcancer.org leaves a misconfigured Amazon S3 bucket t publicly available without any safety protocols in place.
AWS
Around 150 GB with 350,000+ files impacting 50,000+ users
US
Human health and social work
30/05/2022
21/03/2022
Pegasus Airlines
Turkish flight operator Pegasus Airlines suffers a data breach after an AWS cloud storage bucket is reportedly left unprotected and there was unauthorized access to certain information held by carrier.
AWS
23 million files, totaling around 6.5 TB of data
TR
Transportation and storage
08/06/2022
11/02/2022
Mobike
A massive trove of more than 120,000 passports, drivers licenses and identity documents uploaded by users of bike-sharing service Mobike have been found online.
AWS
94,000 customer selfies, 49,000 customer signatures, more than 120,000 passports, drivers licenses and identity documents
CN
Other service activities
09/06/2022
02/02/2022
MyEasyDocs
MyEasyDocs, a Chennai, India based online documents verification platform, exposes data of over 57,000 students after a Microsoft Azure storage blob is misconfigured
Microsoft Azure
30.5 Gb of data with 57,400 files containing the info of 57,400 people
IN
Professional, scientific and technical
16/06/2022
12/01/2022
StoreHub
StoreHub, a POS and inventory management software provider leaks almost 1 million customers' data via a misconfigured Elasticsearch server hosted on AWS.
AWS
Over 1TB with 1M customer data
MY
Professional, scientific and technical
04/07/2022
Somewhere in 2022
Shanghai National Police (SHGA)?
An anonymous threat actor, under the handle of ChinaDan, sells several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000).
Alibaba Cloud
22 terabytes of stolen information on roughly 1 billion Chinese citizens
CN
Public admin and defence, social security
06/07/2022
28/03/2022
Dodo Point
38 GB of data are exposed in an incident affecting Dodo Point, a South Korean “loyalty platform” solution for retail outlets such as cafes, restaurants, beauty salons, and more.
AWS
Over 38 GB of data, around 73,000 files
KR
Wholesale and retail
06/07/2022
26/04/2022
American Marriage Ministries (AMM)
Wedding officiant training company American Marriage Ministries (AMM) leaves an S3 bucket exposed, leaking 630 GB of data on about 185,000 officiants
and roughly 15,000 married couples as well as their wedding guests.
AWS
630 GB of data on about 185,000 officiants
and roughly 15,000 married couples
US
Other service activities
07/07/2022
30/03/2022
Proud Makatizen
Proud Makatizen, an online portal of the city of Makati for providing Covid-19 relief services, has a misconfigured AWS S3 bucket, exposing over 620,000 files including photos of ID cards, as well as private medical and financial information.
AWS
39.7 GB with 620,000 belonging to 300,000 people
PH
Public admin and defence, social security
03/08/2022
02/08/2022
Unknown organization
Two unprotected IPs on Azure containing Elasticsearch indices named ‘UAN’ are discovered. The first cluster contains over 280m records, while the second had around 8m records with India Universal Account Numbers
Microsoft Azure
A total of 288 million records
IN
Unknown
05/08/2022
During February 2022
PlatformQ
PlatformQ, a provider of digital engagement solutions for healthcare and education, inadvertently published a database backup stored in a misconfigured AWS S3 bucket.
AWS
Data of 100,000 doctors, nurses, and other healthcare professionals
US
Professional, scientific and technical
12/08/2022
10/08/2022
COVID health mobile app run by the city of Shanghai
A hacker claims to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai.
Alibaba Cloud
Personal information of 48.5 million users
CN
Human health and social work
16/08/2022
-
Microsoft
Multiple people who appear to be employees of Microsoft have exposed sensitive login credentials to the company’s own infrastructure on GitHub.
GitHub
Sensitive login credentials
US
Professional, scientific and technical
03/09/2022
-
Unknown organization
A group known as 'AgainstTheWest' claims to have breached both TikTok and WeChat, sharing screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.
Alibaba Cloud
2.05 billion records in a 790GB database
CN
Unknown
29/09/2022
09/09/2022
Federal contractor of the U.S. Department of Veterans Affairs
The Department of Veterans Affairs conducts a cyber breach investigation after a federal contractor exposed source code containing sensitive credentials on GitHub.
GitHub
Source code containing sensitive credentials
US
Public admin and defence, social security
07/10/2022
15/09/2022
Toyota Motor Corporation
Toyota Motor Corporation warns that customers' personal information may have been exposed after an access key was publicly available on GitHub for almost five years.
GitHub
Access key
JP
Manufacturing
19/10/2022
24/09/2022
Microsoft
Microsoft says that some of its customers' sensitive information was exposed by a misconfigured Microsoft Azure instnce accessible over the Internet.
Microsoft Azure
2.4 TB of data containing sensitive information, with more than 335,000 emails, 133,000 projects, and 548,000 from 111 countries
US
Professional, scientific and technical
20/10/2022
-
Multiple organizations
Researchers discover nearly two million .git folders containing vital project information are exposed to the public.
Git
Multiple data
>1
Multiple Industries
27/10/2022
30/09/2022
Amazon
A database packed with Amazon Prime viewing habits is stored on an internal Amazon AWS server accessible from the internet.
AWS
215 million entries of pseudonymized viewing data
US
Professional, scientific and technical
01/11/2022
21/10/2022
Thomson Reuters
Thomson Reuters leaves an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format
AWS
At least 3TB of customer data
CA
Information and communication
03/11/2022
During 2021
Astra Zeneca
AstraZeneca leaves a list of credentials online for more than a year that exposed access to sensitive patient data.
GitHub
Access to a test environment, containing some patient data.
UK
Professional, scientific and technical
25/11/2022
19/09/2022
Bahmni
Bahmni, an electronic records and hospital system, leaks a database with some patient data.
AWS
N/A
N/A
Human health and social work
07/12/2022
-
Department of Veterans Affairs
The COVID-19 vaccination statuses of approximately 500,000 Department of Veterans Affairs employees have been impermissibly disclosed.
Microsoft Sharepoint
COVID-19 vaccination statuses of approximately 500,000 employees
US
Public admin and defence, social security
08/12/2022
During April and July 2022
Vevor
Vevor, an online retailer, exposes a database on AWS containing 1,166,293,742 documents (601.84GB).
AWS
1,166,293,742 documents (601.84GB).
CN
Wholesale and retail
12/12/2022
-
Teqtivity
Teqtivity, an IT Asset management company reveals that customer data that was compromised due to unauthorized access to an AWS backup server. Other companies such as Uber and TripActions are impacted.
AWS
N/A
US
Professional, scientific and technical
13/12/2022
-
International Table Tennis Federation (ITTF)
The International Table Tennis Federation (ITTF) leaves a cloud storage open for three years.
Undisclosed Cloud Service
N/A
N/A
Arts entertainment, recreation
19/12/2022
12/06/2022
McGraw Hill
McGraw Hill’s online education platform exposes two S3 buckets with a total of 22+ TB of data.
AWS
22 Tb of data with over 117,500,000 files belonging to 100,000 people
US
Information and communication
Date Reported
Date Discovered
Organization
Description
Cloud Service
Data Exposed
Country
Link
Sector
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
It's time to publish the statistics derived from the cyber attacks timelines of August (Part I and Part II), a month particularly active from an Information Security perspective, despite the Summer time. As always, let’s start from the Daily Trend Chart, which shows obviously an ...
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the the second half of July...