Ethical researchers at the Massachusetts software company WizCase, discovered over 1,000 GB of data belonging to over 100 local municipalities across the Northeast in misconfigured Amazon S3 buckets. The over 1.6 million files were open to anyone. It appears that the commonly used municipal mapping program, Mapsonline.net, was storing unencrypted public data with no password or login required for access.
Almost every city in the US has put their residents’ data online in a form of GIS based mapping. These apps allow user access to individual property data on any property, generally without any password or login. This is “public record” data that historically was available in bound form at the local City or Town hall.
Now that it’s aggregated and online, it’s readily available to be weaponized for “from your City Hall” phishing attacks, synthetic identity creation, and other types of cybercrime. Experts provide insight as part of expert comments series.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.