All news with #data leak tag

Massive CENTCOM/PACOM Cloud Leak Exposes Billions of Data

🔍 UpGuard discovered three publicly accessible Amazon S3 buckets associated with CENTCOM and PACOM that contained a vast corpus of scraped internet posts. One bucket alone held an estimated 1.8 billion records spanning 2009–2017, including news articles, forum threads, comment sections and social media posts. Configuration files and folders referenced a contractor, VendorX, and projects named Outpost and Coral, while Lucene indexes indicated the data was organized for search. UpGuard notified the Defense Department and the buckets were secured.

PQE Data Exposure Reveals Critical Infrastructure Details

⚠️ The UpGuard Cyber Risk Team discovered a publicly accessible rsync repository belonging to Texas-based Power Quality Engineering (PQE) that exposed sensitive electrical infrastructure data for clients including Dell, Oracle, and Texas Instruments. Up to 205 GB of reports, schematics, infrared imagery and a plaintext file of internal passwords were downloadable. The exposure, discovered on July 6, 2017 and remediated after notification, illustrates vendor risk and misconfigured services. Recommended mitigations included restricting rsync access, enforcing authentication and network ACLs, and implementing continuous vendor monitoring.

Alteryx Cloud Leak Exposes Data on 123M Households

🔒 UpGuard discovered an Amazon S3 bucket at the subdomain 'alteryxdownload' that was misconfigured to allow any AWS 'Authenticated Users' to download its contents. The repository included Alteryx software and a 36 GB ConsumerView dataset from Experian containing 123 million household records and 248 fields. A separate file held public 2010 US Census data. Alteryx secured the bucket after notification, underscoring vendor and cloud configuration risk.

Cloud Leak Exposes Millions of Dow Jones Customer Records

🔒 A cloud-based file repository owned by Dow Jones & Company was discovered publicly accessible, exposing sensitive personal and financial details for millions of customers. UpGuard researcher Chris Vickery located an AWS S3 bucket under the subdomain dj-skynet on May 30, 2017; Dow Jones secured the repository on June 6 after notification. Exposed material included names, addresses, account identifiers, login emails, the last four digits of credit cards, and 1.6 million entries tied to Dow Jones Risk and Compliance products, illustrating the dangers of cloud misconfiguration.

The RNC Files: Largest US Voter Data Exposure Report

🔓 This UpGuard report describes a publicly accessible Amazon S3 data warehouse owned by Deep Root Analytics that contained 1.1 TB of unsecured files and linked datasets from Data Trust and TargetPoint. The exposed records included personally identifiable information for up to 198 million US voters alongside modeled political attributes and scoring. UpGuard discovered the bucket on June 12, 2017; Deep Root secured it after notification, and the report details discovery, contents, and implications for election data privacy.

Exposed Facebook User Data from Third-Party Apps Found

🔒Two exposed third-party Facebook app datasets were discovered publicly accessible, including a 146 GB dump from Cultura Colectiva containing over 540 million records of comments, likes, reactions, account names and Facebook IDs. A separate At the Pool backup held profile fields and plaintext passwords for roughly 22,000 users. Both data sets resided in publicly readable Amazon S3 buckets, illustrating how misconfigured storage and long-lived third-party copies of user data create persistent leakage risk.

Nokia/MTS Telecom Inventory Exposure Reveals SORM Data

🔒 UpGuard discovered and secured a 1.7 TB publicly accessible storage repository that contained detailed documentation of telecommunications infrastructure across Russia, including schematics, administrative credentials, email archives and photographs. The dataset, hosted on an rsync server, appears to relate primarily to projects by Nokia and carrier MTS. Files included installation instructions and images for SORM interception hardware, raising significant operational and national-security risks. UpGuard notified Nokia and access was closed within days.

Misconfigured rsync Leak Exposes One Million Education Leads

🔓 UpGuard's Cyber Risk Team discovered an exposed rsync repository tied to subsidiaries of Blue Chair LLC, including Target Direct Marketing, that revealed PII for over one million individuals seeking higher education information. The publicly accessible server included daily MySQL backups and website files, with names, emails, phone numbers and education-related lead fields. The exposure resulted from an rsync misconfiguration and highlights the need for strong vendor risk controls, data retention policies and restricted backup access.

Exposed rsync Server Leaked Oklahoma Securities Data

🔓 UpGuard's Data Breach Research team discovered and secured a publicly accessible rsync storage server containing data belonging to the Oklahoma Department of Securities. The exposure included approximately 3 TB and millions of files spanning 1986–2016, including email archives, virtual machine images, system credentials, and personal records. UpGuard identified the host via Shodan, notified state officials, and public access was removed the same day.

Data Warehouse Vendor Publicly Exposed a Terabyte of Backups

🔒 An UpGuard researcher discovered three publicly accessible Amazon S3 buckets tied to Attunity, a data integration vendor now part of Qlik. One bucket contained a sampled terabyte of backups, including roughly 750 GB of compressed email archives and OneDrive backups with system credentials, project documents, client lists, and employee PII. The researcher notified the vendor on May 16, 2019, and public access was removed the following day. The incident highlights how backup misconfigurations can expose credentials and sensitive corporate and customer data.

Accenture Cloud Buckets Exposed Sensitive Credentials

🔒 UpGuard discovered four publicly accessible AWS S3 buckets belonging to Accenture, exposing API keys, certificates, decryption keys, plaintext passwords, and customer data associated with the Accenture Cloud Platform. The discovery was made in mid-September 2017 and reported to Accenture, which secured the buckets the following day. Exposed artifacts included master KMS keys, VPN credentials, logs, and private signing keys that could enable impersonation and secondary attacks against clients.

Student Loan Servicer Breach Exposes 2.5M Consumer Records

🔒 Nelnet Servicing, the servicing and portal provider for EdFinancial and the Oklahoma Student Loan Authority, disclosed a breach affecting 2,501,324 account holders. The incident exposed names, home addresses, email addresses, phone numbers and social security numbers, but did not include users' financial account data. Nelnet said its cybersecurity team secured systems, engaged third‑party forensic experts, and offered two years of credit monitoring, credit reports and up to $1 million in identity theft insurance. Security specialists warned the exposed PII could be used in targeted phishing and social‑engineering campaigns tied to student loan forgiveness news.

LockBit, Hiveleaks and BlackBasta Drive Ransomware Spike

🚨 Ransomware activity rebounded in July, with NCC Group recording 198 successful campaigns — a 47% increase from June. The surge was led by LockBit 3.0 (62 attacks), followed by Hiveleaks (27) and BlackBasta (24), which showed rapid month‑over‑month growth. Researchers link the fluctuation to restructuring after U.S. pressure on Conti, with affiliates and replacement strains reemerging under new identities.

Mass-Scale Vulnerability in Hikvision Surveillance Cameras

🔓 Over 80,000 Hikvision surveillance cameras remain vulnerable to an 11-month-old command injection flaw tracked as CVE-2021-36260, which NIST rated 9.8/10. Researchers report evidence of criminal activity in Russian dark-web forums where leaked credentials are being sold and exploitation collaborations are solicited. The persistent exposure underscores systemic IoT weaknesses, widespread use of default credentials, and uneven patching practices that leave organizations and critical infrastructure at risk.

DSCC S3 Misconfiguration Exposes 6.2M Email Addresses

🔒 UpGuard researchers discovered an Amazon S3 bucket tied to the Democratic Senatorial Campaign Committee (DSCC) that publicly exposed about 6.2 million email addresses. The unprotected archive, EmailExcludeClinton.zip, contained a comma-separated .csv of addresses from major ISPs, universities, government and military domains and was last modified in 2010. UpGuard notified the DSCC on July 26, 2019, and the bucket was secured the same day. The incident highlights persistent operational risks in campaign data handling.

Open NAS Exposed Thousands' PII at Maryland JIA Systems

🔒 UpGuard discovered a publicly accessible network-attached storage (NAS) device belonging to the Maryland Joint Insurance Association (JIA), exposing backups and administrative files. The repository contained customer PII—including full Social Security numbers, birth dates, addresses, phone numbers, insurance policy identifiers, and check images showing full bank account numbers—alongside plaintext internal credentials and third-party access details. UpGuard notified JIA and the device was secured; the exposure highlights serious configuration and vendor-risk failures that can rapidly put vulnerable policyholders at risk.

Exposed S3 Bucket Leaked Thousands of TigerSwan Resumes

🔓 UpGuard discovered an Amazon S3 bucket publicly exposing 9,402 TigerSwan job applications and resumes, many containing sensitive personal details and hundreds of claims of Top Secret/SCI clearances. The repository, last updated in February 2017 and attributed by TigerSwan to a terminated recruiting vendor, included names, addresses, contacts, passport and partial Social Security numbers, and driver’s license data. UpGuard notified TigerSwan in July 2017; after follow-ups the files were secured on August 24, highlighting the risks of cloud misconfiguration and third-party vendor practices.