S3 Buckets exposed

Three misconfigured AWS S3 buckets exposed US military archives of an astounding size.

As The Register reports, security researcher Chris Vickery discovered the exposed data during a scan and found “dozens of terabytes” of social media posts and similar content used by the US military to identify/profile persons of interest. 

The exposed S3 buckets were named centcom-backup, centcom-archive, and pacom-archive.

Update (11/20): “In a prepared statement CENTCOM spokesperson Maj. Earl Brown said the information collected was ‘not sensitive’ and was not collected or processed for any intelligence purposes,” Threatpost reported after the S3 leak was exposed. 

In another instance the Australian Broadcasting Corporation (ABC) also leaked sensitive data online through a publicly accessibly Amazon Web Services (AWS) S3 bucket, Tripwire reports. 

The leaked data included thousands of logins, usernames, hashed passwords, and 1,800 daily MySQL database backups going back to 2015. 

Leave a Comment

Your email address will not be published. Required fields are marked *