< ciso
brief />
Tag Banner

All news with #secret exposure tag

76 articles · page 4 of 4

Azure AD Client Credentials Exposed in Public appsettings

🔒 Resecurity’s HUNTER Team discovered that ClientId and ClientSecret values were inadvertently left in a publicly accessible appsettings.json file, exposing Azure AD credentials. These secrets permit direct authentication against Microsoft’s OAuth 2.0 endpoints and could allow attackers to impersonate trusted applications and access Microsoft 365 data. The exposed credentials could be harvested by automated bots or targeted adversaries. Organizations are advised to remove hardcoded secrets, rotate compromised credentials immediately, restrict public access to configuration files and adopt centralized secrets management such as Azure Key Vault.
read more →

TeaOnHer App Replicates Tea's Functionality and Breaches

🛡️ TeaOnHer, a recent iOS knock‑off of the controversial dating app Tea, has been found exposing sensitive user data. TechCrunch reported government IDs, driving licences and selfies accessible via a public web endpoint with no authentication, and the app appears to copy wording and features from the original. Newville Media did not respond to disclosure attempts, and an exposed admin credential pair was found on the company server. Until these failures are addressed, users should avoid Tea-related apps.
read more →

AggregateIQ Exposure Reveals Canadian Campaign Assets

🔒 The UpGuard Cyber Risk Team discovered an unsecured AggregateIQ (AIQ) code repository containing site backups, API keys, SSL private keys, and other sensitive assets tied to multiple Canadian campaigns and parties. Exposed files included WordPress backups, donation processor keys (Stripe), NationBuilder tokens, and PEM private keys that could enable impersonation or account takeover. The findings illustrate significant third‑party vendor risk and raise regulatory and public‑interest concerns about how AggregateIQ managed client credentials and campaign tooling.
read more →

HR Data Exposure: How Employees and Clients Are Affected

🔒 UpGuard’s Cyber Risk Research team discovered and secured a public GitHub exposure containing sensitive employee and customer data belonging to OneHalf, a business process outsourcing firm in the APAC region. The principal artifact was the HRIS project, including a 1.2MB database dump (hrisdb-02012018.sql) with detailed personal records for roughly 250 employees, extensive medical histories, emergency contacts, and 300 usernames with plaintext passwords. A related repo, ohserviceform, listed 28 client companies and plaintext banking account numbers, increasing the risk of financial fraud. UpGuard notified OneHalf and the repositories were secured by August 22, 2018.
read more →

Top Secret INSCOM Data Exposed via Public AWS S3 Repository

🔓 On September 27, 2017, UpGuard researcher Chris Vickery discovered an Amazon S3 bucket at the AWS subdomain "inscom" that was publicly accessible and contained 47 entries with three downloadable files. One download, an .ova virtual appliance named "ssdev," included a virtual hard drive with partitions and metadata labeled Top Secret and NOFORN. The exposed assets also contained private keys, hashed passwords, a ReadMe referencing the Pentagon cloud project Red Disk, and a classification-training snapshot. UpGuard notified INSCOM and the repository was promptly secured.
read more →

AggregateIQ Repositories Expose Multiple Brexit Sites

📂 UpGuard's analysis of exposed development repositories from AggregateIQ details source code, backups, and credentials tied to multiple pro-Brexit organizations. The findings show WordPress backups, API keys, Stripe secrets, and scripts used to build and contact supporter lists, with administrative accounts linking AIQ staff to sites such as Vote Leave, Change Britain, and the DUP. Misuse of the exposed assets could have allowed large-scale data access or payment compromise.
read more →

Marketing PR Platform Exposed Data of Hundreds of Thousands

🔓 UpGuard identified an Amazon S3 bucket tied to iPR Software that publicly exposed over a terabyte of files, including a 17 GB MongoDB backup. The collection contained 477,000 media contacts, approximately 35,000 hashed passwords, client marketing assets, internal PR strategy documents, and credentials for Google, Twitter, and a MongoDB host. UpGuard notified iPR in October 2019; public access was removed in late November after follow-up and media engagement.
read more →

AggregateIQ: Exposed Targeting Tools 'Monarch' and Saga

🔍 AggregateIQ's public repository exposed sophisticated ad and tracking tools linked to political campaigns. The Saga suite automates Facebook ad scraping, performance reconciliation, and asset backup, while Monarch provides pixel-based tracking (Jewel, Peasant) and a microservice stack (Peon) for event ingestion and enrichment. The codebase included credentials and configs enabling fine-grained targeting, though working user datasets were not present. The exposure raises significant privacy and electoral concerns.
read more →

AggregateIQ GitLab Leak Reveals Political Targeting Tools

🔓 The UpGuard Cyber Team discovered a publicly accessible GitLab repository belonging to AggregateIQ that exposed code, tools, and credentials used in political data operations. The leak includes an apparent campaign platform called Ripon, state configuration files, voicemail scripts, and integrations for services like Twilio and Facebook. Exposed keys, tokens, and AWS credentials raise risks of misuse and highlight ties between AIQ and Cambridge Analytica that warrant further investigation.
read more →

Amazon Engineer Exposed Credentials via Public GitHub Repo

🔒 UpGuard discovered a public GitHub repository on 13 January 2020 containing an Amazon Web Services engineer’s personal identity documents and numerous system credentials. The repository included AWS key pairs (including a file named rootkey.csv), API tokens, private keys, passwords, logs, and customer-related templates. UpGuard reported the exposure to AWS Security within hours and the repository was secured the same day. The incident highlights how rapid leak detection can prevent accidental disclosures from escalating.
read more →

Viacom Cloud Leak Exposes AWS Keys and Puppet Data

🔒 An UpGuard researcher discovered a publicly accessible Amazon S3 bucket exposing Viacom’s internal provisioning and cloud credentials. The archive—found under the subdomain "mcs-puppet"—contained seventy-two incremental .tgz backups with Puppet manifests, configuration files, GPG decryption keys and the AWS access key and secret. Viacom was notified on August 31, 2017 and the exposed buckets were secured within hours, preventing active compromise.
read more →

Amazon Engineer Exposed Credentials in Public GitHub Repo

⚠️ UpGuard identified on 13 January 2020 a public GitHub repository containing sensitive material tied to an Amazon Web Services engineer. The repo, roughly 954 MB when downloaded, included personal identity documents, bank statements, log files, AWS key pairs (including a file labeled rootkey.csv), private keys, passwords and third-party API tokens. UpGuard analysts detected the exposure within half an hour, notified AWS Security early that afternoon, and the repository was taken out of public view the same day. Rapid detection and remediation appear to have prevented escalation; there is no evidence of malicious intent or end-user data compromise.
read more →

Top-Secret INSCOM Data Exposed via Public S3 Bucket

🔐 UpGuard discovered a publicly accessible Amazon S3 bucket tied to the United States Army Intelligence and Security Command (INSCOM) that contained clearly classified material, including an Oracle virtual appliance (.ova) with partitions labeled Top Secret and NOFORN. Downloadable artifacts included a plaintext ReadMe referencing the Red Disk cloud platform and a .jar used for intelligence tagging. The exposure also revealed private keys and hashed passwords linked to a third-party contractor. UpGuard notified INSCOM and the bucket was secured to prevent further access.
read more →

Nokia/MTS Telecom Inventory Exposure Reveals SORM Data

🔒 UpGuard discovered and secured a 1.7 TB publicly accessible storage repository that contained detailed documentation of telecommunications infrastructure across Russia, including schematics, administrative credentials, email archives and photographs. The dataset, hosted on an rsync server, appears to relate primarily to projects by Nokia and carrier MTS. Files included installation instructions and images for SORM interception hardware, raising significant operational and national-security risks. UpGuard notified Nokia and access was closed within days.
read more →

Accenture Cloud Buckets Exposed Sensitive Credentials

🔒 UpGuard discovered four publicly accessible AWS S3 buckets belonging to Accenture, exposing API keys, certificates, decryption keys, plaintext passwords, and customer data associated with the Accenture Cloud Platform. The discovery was made in mid-September 2017 and reported to Accenture, which secured the buckets the following day. Exposed artifacts included master KMS keys, VPN credentials, logs, and private signing keys that could enable impersonation and secondary attacks against clients.
read more →

AggregateIQ Repositories Expose Brexit Campaign Sites

🔍 This report details UpGuard's review of publicly downloadable development repositories from data analytics firm AggregateIQ, which contained source code, WordPress backups, database exports, and credentials tied to multiple UK political sites. The exposed repositories appear to link AIQ to web assets for several pro-Brexit groups and campaigns. Sensitive items found include API tokens, payment keys, and admin accounts that, if abused, could grant access to live systems and supporter data. The report highlights misconfiguration and credential management failures with potential regulatory consequences under GDPR.
read more →