List of S3 Hacks

Related tags

Security related resourcess3-leaks
Overview

s3-leaks

List of AWS S3 Leaks

Feel free to send in a PR if you know of other leaks

Date Description Notes
Aug2020 S3 bucket mess up exposed 182GB of senior US, Canada citizens data The misconfigured S3 bucket was owned by SeniorAdvisor, a consumer ratings and reviews website.
July2020 Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK Attackers tried to update the javascript library hosted on the s3 buckets so this can be picked up by other clients
Jan 2020 "Exposed AWS buckets again implicated in multiple data leaks" Passport scans, tax documents, background checks, job applications, expense claims, contracts, emails and salary details relating to thousands of consultants working in the UK were exposed.
June 2020 "7.2 million records were exposed, but not from the BHIM app"
Oct 2018 Misconfigured database breaches thousands of MedCall Advisors patient files names, email and postal addresses, phone numbers, dates of birth and Social Security numbers. Other files had recordings of patient evaluations and conversations with doctors, along with medications, allergies and other detailed personal health data.
Jun 2019 AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank Attunity, an Israeli IT firm that provides data management, warehousing, and replication services for the world's biggest companies, has exposed some of its customers' data after it left three Amazon S3 buckets exposed on the internet without a password.
May 2019 How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups
Mar 2018 Medical Records and Patient-Doctor Recordings Were Exposed information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured
Mar 2018 Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords
Feb 2018 S3 bucket open to world : Octoly real names, addresses, phone numbers, email addresses
Jan 22 Sensitive medical records on AWS bucket found to be publicly accessible
Dec 2017 Alteryx leave S3 bucket open for anonymous user : 120m american households exposed Home addresses, contact information, mortgage status, financial histories
Nov 2017 111 GB of internal customer information from National Credit Federation, a Tampa, Florida-based credit repair service - SSN - Drivers licesne, credit reports
Nov 2017 Uber, the hack happend couple months back was brought to light in Nov 2017> personal information of 57 million Uber users and driver's license numbers
Nov 2017 NSA leak exposes Red Disk, the Army's failed intelligence system 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk."
Nov 2017 Australia data leak: Nearly 50,000 government and private staffers’ sensitive data publicly exposed S3 bucket left open by a contractor
Oct 2017 How A Cloud Leak Exposed Accenture's Business
Oct 2017 Patient Home Monitoring Service Leaks Private Medical Data Online publically accessible Amazon S3 47.5 GB / 316,363
Sep 2017 Viacom : Open S3 bucket with AWS Keys, passwords, other sensitive info S3 bucket open to the world
Sep 2017 Leaky S3 bucket sloshes deets of thousands with US security clearance - Bucket open to the world in the test account
Sep 2017 Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak
August 2017 Indian Creditseva Data Breach
August 2017 Open AWS S3 bucket leaked hotel booking service data
July 2017 S3 bucket was set to authenticate all AWS users, not just Dow Jones users
July 2017 Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More
July 2017 Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet
June 2017 Personal information belonging to more than 198 million registered U.S. voters was exposed
May 2017 Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password
May 2017 Security company finds unsecured bucket of US military images on AWS
April 2017 A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed
Feb 2017 CHILDREN’S VOICE MESSAGES LEAKED IN CLOUDPETS DATABASE BREACH
Jan 2017 Paytm S3 bucket misconfiguration allowing PUT operations
March 2013 Thousands of Amazon S3 buckets left open exposing private data

Elastic Search

Date Description Notes
Sep 2017 AWS hosted elastic search servers hijacked
Owner
Nag
Nag
GitHub Repository
Python low-interaction honeyclient

Thug The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as th

Angelo Dell'Aera 896 Dec 19, 2022
A collection of intelligence about Log4Shell and its exploitation activity

Log4Shell-IOCs Members of the Curated Intelligence Trust Group have compiled a list of IOC feeds and threat reports focused on the recent Log4Shell ex

Curated Intel 172 Nov 17, 2022
QHack-2022 - Solutions to the Coding Challenges of QHack 2022

QHack 2022 Problems from Coding Challenges 2022. Rules and how it works To test

Isacco Gobbi 1 Feb 14, 2022
🍉一款基于Python-Django的多功能Web安全渗透测试工具,包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描,域名扫描等功能。

Sec-Tools 项目介绍 系统简介 本项目命名为Sec-Tools,是一款基于 Python-Django 的在线多功能 Web 应用渗透测试系统,包含漏洞检测、目录识别、端口扫描、指纹识别、域名探测、旁站探测、信息泄露检测等功能。本系统通过旁站探测和域名探测功能对待检测网站进行资产收集,通过端

简简 300 Jan 07, 2023
A python module for retrieving and parsing WHOIS data

pythonwhois A WHOIS retrieval and parsing library for Python. Dependencies None! All you need is the Python standard library. Instructions The manual

Sven Slootweg 384 Dec 23, 2022
NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

NoSecerets NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat How does it work? Instead of taking

DosentTrust GithubDatabase 9 Jul 04, 2022
To explore creating an application that detects available connections at once from wifi and bluetooth

Signalum A Linux Package to detect and analyze existing connections from wifi and bluetooth. Also checkout the Desktop Application. Signalum Installat

BISOHNS 56 Mar 03, 2021
Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile.

Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.

Mythic Agents 37 Dec 06, 2022
A forensic collection tool written in Python.

CHIRP A forensic collection tool written in Python. Watch the video overview 📝 Table of Contents 📝 Table of Contents 🧐 About 🏁 Getting Started Pre

Cybersecurity and Infrastructure Security Agency 1k Dec 09, 2022
This a simple tool XSS Detection Suite for CTFs games

This a simple tool XSS Detection Suite for CTFs games

Mostafa 2 Nov 24, 2021
Sentinel-1 SAR time series analysis for OSINT use

SARveillance Sentinel-1 SAR time series analysis for OSINT use. Description Generates a time lapse GIF of the Sentinel-1 satellite images for the loca

21 Dec 09, 2022
exchange-ssrf-rce

Usage python3 .\exchange-exp.py -------------------------------------------------------------------------------- |

Jen 76 Nov 09, 2022
VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

Vortex VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit,

315 Dec 28, 2022
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

Ayoub 861 Feb 18, 2021
xp_CAPTCHA(白嫖版) burp 验证码 识别 burp插件

xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件 安装 需要python3 小于3.7的版本 安装 muggle_ocr 模块(大概400M左右) python3 -m pip install -i http://mirrors.aliyun.com/

算命縖子 588 Jan 09, 2023
Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

6 Sep 22, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022
Script Crack Facebook Elite 🚶‍♂

elite Script Crack Facebook Elite 🚶‍♂ Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install git $ pkg install python $ pip

Yumasaa 1 Jan 02, 2022
Seamless deployment and management of cybersecurity solutions 🏗️

Description 🖼️ Background 👴🏼 Vision 📜 Concepts 💬 Solutions' Lifecycle. Operations ⭕ Functionalities 🚀 Supported Cybersecurity Solutions 📦 Insta

MutableSecurity 36 Nov 10, 2022
IDA Pro Python plugin to analyze and annotate Linux kernel alternatives

About This is an IDA Pro (Interactive Disassembler) plugin allowing to automatically analyze and annotate Linux kernel alternatives (content of .altin

Open Source Security, Inc. 16 Oct 12, 2022