< ciso
brief />
Tag Banner

All news with #third party risk tag

86 articles · page 5 of 5

AggregateIQ exposure: Canadian political campaign data

🔐 The UpGuard Cyber Risk Team discovered exposed repositories belonging to AggregateIQ that contained website code, backups, credentials and tokens associated with multiple Canadian political campaigns and parties. Exposed artifacts included Stripe secret keys, private SSL keys, NationBuilder/Helcim/SendGrid tokens, WordPress database credentials, and admin accounts tied to aggregateiq.com. The incident highlights third-party vendor risk and the need for tighter controls on credentials and repository configurations.
read more →

Verizon Cloud Leak: NICE Systems Exposed Customer Data

🔓 UpGuard discovered an Amazon S3 repository owned by NICE Systems that left call-support logs for Verizon publicly accessible. The exposed files contained names, addresses, phone numbers, account details and many unmasked account PINs tied to phone numbers, creating a significant risk of account takeover. UpGuard notified Verizon and the bucket was secured; the incident highlights third-party cloud misconfiguration risk and the need for stronger vendor controls.
read more →

Public S3 Exposure Tied to Booz Allen and NGA Incident

🔒 UpGuard’s Cyber Resilience Team discovered a publicly exposed Amazon S3 repository containing plaintext SSH keys and administrative credentials tied to a Booz Allen engineer and contractor metadata pointing to NGA‑related projects. After initial notification to Booz Allen, UpGuard escalated the issue to the NGA, which secured the repository within minutes. Booz Allen acknowledged the report later that day, and UpGuard preserved the downloaded dataset at the government’s request. The incident highlights the real‑world risk of simple misconfiguration and third‑party vendor security posture.
read more →

PQE Data Exposure Reveals Critical Infrastructure Details

⚠️ The UpGuard Cyber Risk Team discovered a publicly accessible rsync repository belonging to Texas-based Power Quality Engineering (PQE) that exposed sensitive electrical infrastructure data for clients including Dell, Oracle, and Texas Instruments. Up to 205 GB of reports, schematics, infrared imagery and a plaintext file of internal passwords were downloadable. The exposure, discovered on July 6, 2017 and remediated after notification, illustrates vendor risk and misconfigured services. Recommended mitigations included restricting rsync access, enforcing authentication and network ACLs, and implementing continuous vendor monitoring.
read more →

Mass Facebook App Data Exposed in Two Third-Party Leaks

🔓 Two third-party Facebook app datasets were publicly exposed via misconfigured Amazon S3 buckets, including a 146 GB collection from Cultura Colectiva containing over 540 million records of comments, likes, reactions, account names and Facebook IDs. A separate backup from the At the Pool app contained fields such as fb_friends, fb_likes, fb_photos and plaintext passwords for roughly 22,000 users. UpGuard notified the app owners and AWS in January; the larger bucket was not secured until early April after media inquiry. These exposures highlight enduring risks from third-party access to platform data and misconfigured cloud storage.
read more →

Alteryx Cloud Leak: 123M U.S. Household Records Exposed

🔓 UpGuard discovered a publicly exposed AWS S3 repository tied to Alteryx that contained a 36 GB ConsumerView dataset from Experian alongside 2010 US Census data. The exposure included over 123 million U.S. household records with detailed demographics, financial indicators, and proprietary segmentation that increased risk of fraud and identity theft. After notification, Alteryx secured the bucket; UpGuard highlights vendor-risk management and continuous monitoring to prevent similar incidents.
read more →