HackRead

Unprotected AWS Bucket Exposes 50.4 GB of Financial Giant’s Data

February 28th, 2018 | By Waqas | Leaks, Science

Another day, another AWS bucket exposed to the public. This time, the bucket belonged to Birst.

The Cyber Risk Team at cloud security firm UpGuard has discovered a massive trove of data exposed due to an unprotected Amazon Web Services (AWS) S3 bucket. The database belonged to Birst, a cloud Business Intelligence (BI) and analytics firm.

The exposed database contained 50.4 GB worth of data from one of Birst’s users, Capital One, a McLean, Virginia-based financial services giant and the eighth-largest commercial bank in the United States. The leaked data contained technical information on a Birst appliance specially configured for Capital One’s cyberinfrastructure.

According to the official blog post from UpGuard, the data also contained passwords, administrative access credentials and private keys for use within Capital One systems by an on-premise Birst cloud environment. The exposed data was enough to show an attacker how the Birst appliance used by Capital One could have been compromised, and how to dig deeper into the company’s IT system.

The data was discovered on January 15th, 2018 by Chris Vickery, Director of Cyber Risk Research at UpGuard. It was located at the subdomain “capitalone-appliance” and was accessible to anyone.

One of the files identified by Vickery was labeled “Client.key” and carried an encryption key used to decrypt data. However, the key was stored with the encrypted appliance, which could have allowed hackers to decrypt the encrypted appliance. “This is like leaving the key and its lock in public,” explained Vickery.

Furthermore, Vickery claimed to have identified usernames and their hashed passwords used by the company in the database for the appliance.

“Taken in full, the exposed Birst appliance provides a roadmap of where attackers would want to focus their energies in seeking to compromise Capital One’s wider systems. Of greatest interest are the locations of the ports connecting the Birst appliance with the other services that would feed its business intelligence dashboards,” said Vickery.

“The good news is that one would first need to compromise Capital One’s network to use the leaked credentials to attempt to compromise the Birst appliance. In itself, this cloud leak does not expose the private information stored in those other systems. Rather, this leak multiplies the effect of any successful attack – whether through phishing, malware, social engineering, or insider threat – to a potentially catastrophic scale,” Vickery concluded.

Remember, an exposed AWS bucket can now be used for cryptocurrency mining. For instance, a week ago Tesla, Inc.’s Amazon account was hacked to mine Monero coins. The incident also exposed the company’s sensitive data in an Amazon S3 bucket.

Moreover, on 24th February a researcher identified a misconfigured Amazon AWS S3 storage bucket belonging to the Los Angeles Times newspaper that was being used by hackers to mine Monero using CoinHive’s JavaScript code. The code allowed hackers to mine Monero coins using the computing power of LA Times website visitors.

Update, 10:19 PM (UTC)

UpGuard has deleted their blog post about Birst’s exposed database. Originally, the post was available at this link. Also, the banking giant Capital One has denied its data was ever leaked. 

In an email to HackRead.com, a spokeswoman for Capital One said that “At no time was any Capital One information exposed. This was simply an instance of a vendor’s software that was hosted in their cloud environment. The referenced passwords and credentials are generic and are used for installing this software. As a matter of standard practice, Capital One changes all default settings, including credentials, prior to deploying third-party software. Because of this, there is no impact to the security of Capital One systems and data.”

Update 2 (10:57 PM, UTC)

UpGuard has now restored and updated its blog post according to which “Capital One has reached out to UpGuard to provide further comments on the intended use of the Birst appliance in their environment. This post will be updated as we receive more information from Capital One.” 

You can access their blog post here.

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and the tech world. I am also into gaming, reading and investigative journalism.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
