All news in category "Incidents and Data Breaches"

LocalBlox S3 Misconfiguration Exposes 48M Records Publicly

🔓 UpGuard discovered an Amazon S3 bucket owned by LocalBlox that was publicly accessible, exposing a 1.2 TB ndjson archive containing approximately 48 million personal profiles. The dataset aggregated names, addresses, dates of birth, scraped LinkedIn and Facebook content, Twitter handles, and other identifiers used to build psychographic profiles. UpGuard notified LocalBlox and the bucket was secured on February 28, 2018. The incident highlights how a simple cloud misconfiguration can compromise consumer privacy and enable targeted influence at scale.

Marketing PR Platform Exposed Data of Hundreds of Thousands

🔓 UpGuard identified an Amazon S3 bucket tied to iPR Software that publicly exposed over a terabyte of files, including a 17 GB MongoDB backup. The collection contained 477,000 media contacts, approximately 35,000 hashed passwords, client marketing assets, internal PR strategy documents, and credentials for Google, Twitter, and a MongoDB host. UpGuard notified iPR in October 2019; public access was removed in late November after follow-up and media engagement.

Open rsync Repository Exposes 42,000+ Patients' Records

🔒 UpGuard discovered a publicly accessible rsync repository tied to Cohen Bergman Klepper Romano Mds PC that exposed records for more than 42,000 patients and over three million medical notes. The exposed data included patient and physician names, Social Security numbers, dates of birth, phone numbers, email and insurance information, along with an Outlook .pst and a virtual hard drive containing staff home addresses and family details. UpGuard notified the affected parties and Accenture, and the repository was secured after follow-up, underscoring failures in basic access controls and the need for faster remediation.

Spartan Technology S3 Exposure of South Carolina Arrests

🔒 UpGuard Research discovered a publicly accessible AWS S3 bucket containing roughly 60 GB of MSSQL backups uploaded by a Spartan Technology employee, exposing South Carolina justice-system records spanning 2008–2018. The dataset included about 5.2 million arrest-event rows, tens of millions of related records, and sensitive PII such as names, dates of birth, driver’s license numbers and roughly 17,000 Social Security numbers. Permissions included the "AuthenticatedUsers" group, enabling broad access; Spartan removed public access the same day after notification.

ISP Exposes Administrative Credentials via S3 Misconfig

🔓On October 11, 2018 UpGuard discovered that an Amazon S3 bucket named "pinapp2" exposed 73 GB of data belonging to Pocket iNet. The downloadable "tech" folder contained plaintext administrative passwords, AWS secret keys, network configuration files, inventory lists, and photographs of hardware and towers. Pocket iNet was notified the same day and secured the exposure on October 19, 2018. The incident highlights how misconfigured S3 ACLs and poor credential hygiene can place critical infrastructure at risk.

Exposed NGA Data Linked to Booz Allen S3 Misconfiguration

🛡️ UpGuard analyst Chris Vickery discovered a publicly exposed S3 file repository containing credentials and SSH keys tied to systems used by US geospatial intelligence contractors. The plaintext data included access tokens and administrative credentials that could enable entry to systems handling Top Secret-level data. NGA secured the bucket rapidly after notification; Booz Allen Hamilton responded later. UpGuard preserved the dataset at government request.

GoDaddy AWS Configuration Data Exposed in Public S3

🔓 The UpGuard Cyber Risk Team discovered a publicly accessible Amazon S3 bucket that contained detailed configuration spreadsheets appearing to describe GoDaddy infrastructure running in the AWS cloud. The files included over 24,000 hostnames and 41 configuration fields per system, plus modeled financials and apparent AWS discounting—information useful for targeted attacks or competitive intelligence. GoDaddy closed the exposure after notification; no credentials were found, but the incident highlights the severe consequences of cloud misconfiguration at scale.

Misconfigured Amazon S3 Exposed Tea Party Campaign Data

🔓 On August 28, 2018 the UpGuard Cyber Risk team discovered a publicly readable Amazon S3 bucket named tppcf containing roughly 2GB of campaign files belonging to the Tea Party Patriots Citizens Fund (TPPCF). The data included call lists with full names and phone numbers for about 527,000 individuals, along with strategy documents, call scripts, and marketing assets. UpGuard notified TPPCF on October 1; permissions were briefly set to allow global authenticated users and then removed by October 5. The incident illustrates how cloud misconfiguration can expose sensitive political microtargeting data and create significant privacy risks.

Leakzone Elasticsearch Exposure Reveals Visitor IP Logs

🔎 UpGuard discovered an unauthenticated Elasticsearch index containing roughly 22 million web-request records, of which about 95% referenced leakzone.net. The logs included client IP addresses, destination domains, request sizes, geolocation data and ISP metadata, spanning June 25 to discovery on July 18, with about one million requests per day. Analysis found extensive use of public proxies and clustered VPN exit nodes, alongside many one-off IPs likely representing direct users. The dataset raises privacy and operational concerns for visitors, service operators, and investigators.

Top Secret INSCOM Data Exposed via Public AWS S3 Repository

🔓 On September 27, 2017, UpGuard researcher Chris Vickery discovered an Amazon S3 bucket at the AWS subdomain "inscom" that was publicly accessible and contained 47 entries with three downloadable files. One download, an .ova virtual appliance named "ssdev," included a virtual hard drive with partitions and metadata labeled Top Secret and NOFORN. The exposed assets also contained private keys, hashed passwords, a ReadMe referencing the Pentagon cloud project Red Disk, and a classification-training snapshot. UpGuard notified INSCOM and the repository was promptly secured.

Public Exposure of Tetrad Consumer Data Sets in S3

🔓 UpGuard Research discovered a publicly accessible Amazon S3 bucket containing detailed consumer data attributed to Tetrad, including files derived from Experian Mosaic, Claritas/PRIZM, and client-supplied datasets covering over 120 million U.S. household records. The exposure included full names, addresses, gender, Mosaic codes, and retailer account and purchase information. UpGuard notified Tetrad in early February and, after repeated contact, the company removed public access and secured the bucket. The dataset's breadth raises significant privacy and targeted-risk concerns for individuals and communities.

Neoclinical Database Exposed Sensitive Health Data

🔒 UpGuard researchers discovered a publicly accessible MongoDB database belonging to Neoclinical, exposing profiles for 37,170 users in Australia and New Zealand. Records included names, contact details, geocoordinates, dates of birth and structured health-screening answers that revealed diagnoses and treatments. UpGuard notified the company and AWS; access was removed on July 26. The exposure underscores the need for proper access controls and rapid incident response.

AggregateIQ GitLab Leak Reveals Political Targeting Tools

🔓 The UpGuard Cyber Team discovered a publicly accessible GitLab repository belonging to AggregateIQ that exposed code, tools, and credentials used in political data operations. The leak includes an apparent campaign platform called Ripon, state configuration files, voicemail scripts, and integrations for services like Twilio and Facebook. Exposed keys, tokens, and AWS credentials raise risks of misuse and highlight ties between AIQ and Cambridge Analytica that warrant further investigation.

Viacom Cloud Leak Exposed Master Controls and Keys

🔒 UpGuard researchers discovered on August 30, 2017 a publicly accessible Amazon S3 bucket named “mcs-puppet” containing seventy-two .tgz backup archives that included Puppet manifests, configuration files, keys, and credentials tied to Viacom. The repository exposed AWS access and secret keys, GPG decryption keys, and scripts referencing services such as Docker, Jenkins, Splunk, and New Relic. UpGuard notified Viacom on August 31, and the exposure was secured within hours. The incident demonstrates how cloud misconfigurations can reveal master provisioning controls and enable widespread infrastructure compromise.

Medico Inc. S3 Misconfiguration Exposes Patient Data

🔓 Medico Inc. left an Amazon S3 bucket publicly accessible, exposing nearly 14,000 documents (approximately 1.7GB) that included medical records, insurance claims, legal files, and internal business data. The UpGuard Data Breach Research Team discovered the bucket on June 20, 2019, and Medico closed it within hours after notification. The dataset contained unredacted PII such as SSNs, bank account numbers, and payment card data, and also included plaintext credentials that could enable further compromise.

Amazon Engineer Exposed Credentials via Public GitHub Repo

🔒 UpGuard discovered a public GitHub repository on 13 January 2020 containing an Amazon Web Services engineer’s personal identity documents and numerous system credentials. The repository included AWS key pairs (including a file named rootkey.csv), API tokens, private keys, passwords, logs, and customer-related templates. UpGuard reported the exposure to AWS Security within hours and the repository was secured the same day. The incident highlights how rapid leak detection can prevent accidental disclosures from escalating.

AggregateIQ Repositories Expose Multiple Brexit Sites

📂 UpGuard's analysis of exposed development repositories from AggregateIQ details source code, backups, and credentials tied to multiple pro-Brexit organizations. The findings show WordPress backups, API keys, Stripe secrets, and scripts used to build and contact supporter lists, with administrative accounts linking AIQ staff to sites such as Vote Leave, Change Britain, and the DUP. Misuse of the exposed assets could have allowed large-scale data access or payment compromise.

HCL Exposed New-Hire Passwords and Project Reports

🔓 In May 2019 UpGuard researchers discovered publicly accessible HCL pages that exposed personal information, plaintext passwords for new hires, and detailed project reports. The data was dispersed across multiple subdomains and web UIs, including HR dashboards, recruiting approval panels, and a SmartManage reporting interface. After notifying HCL's Data Protection Officer, the researcher confirmed the anonymous-access pages were taken offline within days. The incident underscores the risk of misconfigured application pages and the importance of clear reporting channels and prompt incident response.

LA County 211 Data Exposure: Emergency Call Records

🔒 The UpGuard Cyber Risk Team discovered an Amazon S3 bucket for LA County 211 that was publicly accessible and contained Postgres backups and CSV exports with sensitive data. A 1.3GB t_contact export included millions of records, roughly 200,000 detailed call notes and 33,000 Social Security numbers, alongside 384 user accounts with MD5-hashed passwords. The exposure dated from 2010–2016; UpGuard notified the service in March–April 2018 and confirmed the bucket was closed within 24 hours of contact.

Phishers Target Aviation Executives, Steal Customer Funds

📧 A targeted phishing campaign compromised an aviation executive’s Microsoft 365 credentials, allowing attackers to mine past invoice conversations and send convincing fake invoice requests to customers. Within hours the fraudsters registered a near‑identical domain and at least one customer paid a six‑figure phony invoice. Investigation links the registration details to a long‑running Nigerian BEC ring identified as SilverTerrier; firms are urged to combine employee training, domain monitoring and rapid use of the Financial Fraud Kill Chain to improve recovery chances.