Sprint contractor exposed a ton of cell phone bills stored in the Amazon cloud
A cache of data stored in the cloud by a Sprint contractor, containing hundreds of thousands of cell phone bills of US citizens, was exposed and potentially accessible to anyone for an indefinite period of time.
As TechCrunch reported, the cache of data, held in an AWS bucket (essentially an area of storage on Amazon's cloud platform), consisted of over 260,000 documents, most of which were phone bills from AT&T, Verizon and T-Mobile customers, stretching back up to four years in some cases.
The bills contain a lot of confidential information, as you can imagine, including names, addresses and call lists. Other sensitive material was present in addition to the bills, such as account statements, and also a screenshot of online usernames and passwords for customer accounts.
This bucket should clearly have been private, but buckets can sometimes be incorrectly configured, with the content inadvertently left open to potential public viewing. In this case, it was Fidus Information Security that found the exposed data.
The UK-based penetration testing security outfit, which probes and rates commercial networks by launching simulated attacks against them, found the bucket and reported the problem to Amazon, which quickly closed the hole, as you would expect.
There is a hole in the bucket, dear Liza…
Amazon did not disclose the name of the bucket's owner, but by examining a file and doing a little detective work, TechCrunch found that the owner was Deardorff Communications, a marketing agency that handles deals for Sprint.
Sprint-branded files found in the cache indicated that all of these phone bills were collected as part of a bid to switch the people in question from their current network provider to Sprint, with Sprint paying off the early termination fee to allow the subscriber to move. This is a common incentive in the mobile industry.
The president of Deardorff Communications, Jeff Deardorff, confirmed to TechCrunch that his marketing company owned the bucket in question, and that public access has now been shut down.
He said: “I started an internal investigation to determine the cause of this problem, and we are also reviewing our policies and procedures to ensure that something like this happens again.”
He would not, however, be drawn to comment on whether the people whose bills were included would be notified about the possible exposure of their sensitive data.
Amazon has been busy making many announcements at its AWS re:Invent 2019 conference and, funnily enough, one of those was the launch of Access Analyzer, a new security tool for customers of its S3 cloud storage.
This tool keeps a watchful eye out for misconfigured buckets and potentially exposed data, identifying them and allowing you to block access with just a single click.
Leaky buckets have been a big problem for a large number of organizations over the years, causing a lot of data breaches, and, hopefully, this security utility will help to make such incidents much less likely.
Released on Fri, 06 Dec 2019 19:38:09 +0000