A US-based used electronics retailer has exposed over 2.6 million files, including ID cards and biometric images, after a misconfigured AWS S3 bucket was discovered. For background, a random scan for server vulnerabilities led to the discovery of the wide-open S3 bucket on October 12, 2020. The company itself appeared to be shuttered, with an invalid contact email and its website offline, but Website Planet contacted AWS two days later and the issue was eventually remediated. There were 80,000 or so images of personal identification cards such as driver’s licenses, and 10,000 fingerprint scans included in the millions of files found in the database
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
