The clients affected by the incident involving a misconfigured Amazon S3 bucket include Global 500 company Ericsson and Fortune 500 company Cisco.
IT security researchers at Website Planet Security Team discovered a misconfigured Amazon S3 bucket owned by D.W. Morgan, a supply chain management and logistics giant. The company is headquartered in Pleasanton, California, and has global operations.
According to researchers, the database contained more than 100 GB worth of data with 2.5 million files detailing financial, shipment, transportation, personal and sensitive records belonging to D.W. Morgan’s employees and clients worldwide. These included Global 500 company Ericsson and Fortune 500 company Cisco.
Although the database was discovered on November 12th, 2021, its details were only shared by Website Planet last week.
About exposed data
What’s worse, the bucket remained exposed to the public without any authentication or password, meaning anyone with knowledge of how AWS buckets function could have accessed the data.
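The report does not say which setting left the bucket open. As an added example (not code from Website Planet or D.W. Morgan), the Python below checks the two usual ways an S3 bucket becomes readable without authentication, an ACL grant to the AllUsers group or a bucket policy with a wildcard principal, against the bucket's Block Public Access settings. The input shapes follow the S3 GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock responses; the bucket name and sample values are constructed, and flagging every wildcard-principal Allow is a simplification of AWS's own public-policy evaluation.

```python
import json

# Group URI S3 uses in ACL grants for anonymous (unauthenticated) callers.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_acl_grants(acl):
    """Permissions the bucket ACL grants to anonymous users."""
    return sorted({g["Permission"] for g in acl.get("Grants", [])
                   if g.get("Grantee", {}).get("URI") == ALL_USERS})

def public_policy_statements(policy_json):
    """Allow statements with a wildcard principal, as (actions, has_condition)."""
    found = []
    for stmt in _as_list(json.loads(policy_json or "{}").get("Statement", [])):
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if stmt.get("Effect") == "Allow" and "*" in _as_list(aws):
            found.append((_as_list(stmt.get("Action", [])), "Condition" in stmt))
    return found

def audit_bucket(acl, policy_json, pab):
    """Return findings describing how anonymous callers can reach the bucket."""
    findings = []
    grants = public_acl_grants(acl)
    # IgnorePublicAcls makes S3 disregard public ACL grants already in place.
    if grants and not pab.get("IgnorePublicAcls", False):
        findings.append(f"ACL grants {','.join(grants)} to AllUsers")
    for actions, conditional in public_policy_statements(policy_json):
        # RestrictPublicBuckets cuts off anonymous access through a public policy.
        if not pab.get("RestrictPublicBuckets", False):
            note = " (has Condition, review manually)" if conditional else ""
            findings.append(f"policy allows {','.join(actions)} to '*'{note}")
    return findings

# Constructed sample: a bucket listable and readable by anyone (hypothetical name).
SAMPLE_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::example-logistics-bucket/*"}]})
NO_BLOCK = {}
FULL_BLOCK = dict.fromkeys(("BlockPublicAcls", "IgnorePublicAcls",
                            "BlockPublicPolicy", "RestrictPublicBuckets"), True)

if __name__ == "__main__":
    for pab in (NO_BLOCK, FULL_BLOCK):
        print(audit_bucket(SAMPLE_ACL, SAMPLE_POLICY, pab) or "no anonymous access path found")
```

An empty result only means neither of these two paths is open; object-level ACLs and access points are outside what this check covers.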
The full list of the types of data exposed by the misconfiguration:
- Full names
- Phone numbers
- Goods ordered
- Cargo damages
- Process photos
- Process details
- Billing addresses
- Dates of invoices
- Shipping barcodes
- Unknown documents
- Delivery addresses
- Facility locations
- Photos of shipments
- Prices paid for goods
- Photos of package labels
- Images of on-site documents
- Transportation plans & agreements.
The screenshots below are examples of the type of data that was exposed. The first screenshot shows various locations of companies, while the second shows the Cisco invoice of $350,000 to D.W. Morgan.
Good news and bad news
The good news is that D.W. Morgan secured the database within four days of the initial alert sent by Website Planet. However, it is unclear whether the database was accessed by malicious threat actors during the period of exposure.
Nevertheless, if you are one of D.W. Morgan’s employees or clients, you should be on alert. One can also expect a sudden rise in phishing scams, spam attacks, or malicious emails loaded with malware.
In its blog post, Website Planet Security Team also emphasized that “Businesses should educate employees about the threat of phishing, malware, scams, and other forms of cybercrime. In addition, exposed companies could implement systems that allow employees to authenticate themselves when contacting one another via phone or email.”