Similarly to what I did in 2022 and 2021, I am now collecting the incidents caused by cloud misconfigurations that led to the exposure of data. Unfortunately, despite the growing risks and awareness, this trend does not seem to be slowing down.
During both 2022 and 2021, AWS S3 accounted for roughly 60% of breaches. Let’s see if it will retain its leadership in this particular chart even in 2022. So far it looks like things are not going to change…
[Charts: Leaky Services; Leaky Sectors]
| Date Reported | Date Discovered | Organization | Description | Cloud Service | Data Exposed | Country | Sector |
|---|---|---|---|---|---|---|---|
| 05/01/2023 | - | Cricketsocial.com | Cricketsocial.com leaves a database open online, exposing over 100k entries of private customer data and credentials. | AWS | Over 100k entries of private customer data and credentials | IN | Arts entertainment, recreation |
| 23/01/2023 | - | Digital Infrastructure for Knowledge Sharing app (DIKSHA) | A security lapse in an app operated by India’s Education Ministry exposed the personally identifying information of millions of students and teachers for over a year. | Microsoft Azure | Over 1M teachers' records and 600,000 students | IN | Human health and social work |
| 26/01/2023 | 26/01/2023 | CommuteAir | A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' is shared publicly on a hacking forum. | AWS | Over 1.5 million records of banned flyers and upwards of 250,000 'selectees' | US | Transportation and storage |
| 16/02/2023 | 18/11/2022 | Mscripts | The mobile pharmacy solution provider, Mscripts, announces that a misconfiguration of its cloud storage environment has exposed client data online for the past 6 years. | Unknown | Protected health information of 66,372 patients | US | Professional, scientific and technical |
| 17/02/2023 | - | Cutout.pro | Cutout.pro, a popular AI-based photo and video editing tool, is found leaking over 9 GB of user data online. | AWS | 9 GB of user data | HK | Professional, scientific and technical |
| 21/02/2023 | 19/02/2023 | US Department of Defense | A US Department of Defense email server hosted on Microsoft Azure's government cloud service is reportedly found wide open to the public Internet for a period of about two weeks before it was properly secured. | Microsoft Azure | About 3 TB of internal military emails | US | Public admin and defence, social security |
| 08/03/2023 | 08/03/2023 | PeopleGrove | PeopleGrove confirms that it’s investigating after a security lapse exposed users’ personal information online. | Google Cloud Platform | - | US | Professional, scientific and technical |
| 15/03/2023 | - | Fiatusdt | Fiatusdt, a cryptocurrency exchange, exposes sensitive customer records online. | AWS | - | N/A | Fintech |
| 23/03/2023 | 23/03/2023 | GitHub | GitHub reveals that its RSA SSH private key was briefly exposed in a public GitHub repository. | GitHub | RSA SSH private key | US | Professional, scientific and technical |
| 23/03/2023 | - | International Spy Museum | International Spy Museum accidentally exposes credit card authorization forms on a misconfigured S3 bucket. | AWS | Credit card authorization forms | US | Arts entertainment, recreation |
| 06/04/2023 | - | Proskauer Rose | A security lapse sees Proskauer Rose, an international law firm headquartered in New York City, expose sensitive client data for more than six months. | Microsoft Azure | Approximately 184,000 files | US | Professional, scientific and technical |
| 19/04/2023 | 06/03/2023 | DC Health | A breach of Washington D.C.’s health insurance marketplace exposes the sensitive information of Congressional representatives, staff and thousands of city residents. | AWS | More than 56,000 current and past customers – including 17 members of the House of Representatives, 43 of their dependents, and 585 House staff members and their dependents | US | Human health and social work |
| 24/04/2023 | 01/02/2023 | ICICI Bank | ICICI Bank leaks a misconfigured and publicly accessible cloud storage – Digital Ocean bucket – with over 3.6 million files exposing sensitive data of the bank and its clients. | Digital Ocean Bucket | 3.6 million files exposing sensitive customer data | US | Finance and insurance |
| 27/04/2023 | - | Multiple Organizations | Multiple organizations, including banks and healthcare providers, are leaking private and sensitive information from their public Salesforce Community. | Salesforce | - | >1 | Multiple Industries |
| 12/05/2023 | - | Toyota Motor Corporation | Toyota Motor Corporation discloses a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. | Unknown | 2,150,000 customer records | JP | Manufacturing |
| 17/05/2023 | - | Capita | Capita exposes the data of several UK councils in an unsecured AWS bucket. The impacted entities include: Colchester, Coventry City, Adur and Worthing, Rochford District, Derby City, and South Staffordshire. | AWS | Data of city councils' local residents | UK | Professional, scientific and technical |
| 18/05/2023 | 31/01/2023 | Leverage EDU | The popular university admission platform Leverage EDU leaked almost 240,000 sensitive files, including students’ passports, financial documents, certificates, and exam results. | AWS | 240,000 sensitive files, including students’ passports, financial documents, certificates, and exam results | IN | Professional, scientific and technical |
| 22/05/2023 | - | Indiana University | Indiana University leaks confidential Beginning College Student Engagement Survey (BCSSE) data. | Microsoft Azure | Over 1.3 million files containing student data | US | Education |
| 31/05/2023 | 31/05/2023 | Toyota Motor Corporation | Toyota says it identified another batch of exposed data that was “potentially accessible externally due to a misconfiguration” of its connected cloud service. | Unknown | 260,000 car owners | JP | Manufacturing |
| 01/06/2023 | 01/05/2023 | Prosperix | Prosperix, a US-based workforce management platform, leaks nearly 250,000 files via a misconfigured AWS bucket. | AWS | 250,000 files, 42,000 of which contained the sensitive data of job seekers | US | Professional, scientific and technical |
| 08/06/2023 | - | Pflegia | Pflegia, a German healthcare recruitment platform, exposes hundreds of thousands of files with sensitive user data such as names, home addresses, and emails. | AWS | Over 360.000 files | DE | Administration and support service |
| 12/06/2023 | 21/02/2023 | Lantum | Lantum, a UK agency for freelance doctors, has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets. | AWS | 98,000 files relating to 3,200 individuals | UK | Administration and support service |
| 19/07/2023 | 16/06/2023 | FIA World Endurance Championship | Two misconfigured Google Cloud Storage buckets leak over 1.1 million files. Among them there are hundreds of passports, government-issued IDs, and drivers’ licenses belonging to FIA World Endurance Championship (FIA WEC) drivers. | Google Cloud Platform | 1.1 million files | FR | Arts entertainment, recreation |
| 02/08/2023 | Late-July 2023 | Mondee | Travel giant Mondee has secured an exposed database that was spilling sensitive customer information, including detailed flight and hotel itineraries and unencrypted credit card numbers. | Oracle Cloud | More than 1.7 terabytes | US | Arts entertainment, recreation |
| 11/08/2023 | - | MPD FM | MPD FM, a facility management and security company providing services to various UK government departments, leaves an Amazon S3 instance open, exposing employee passports, visas, and other sensitive data. | AWS | Over 16,000 sensitive documents | GB | Administration and support service |
Enjoy the timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.