List of S3 Hacks

Related tags

Security related resourcess3-leaks
Overview

s3-leaks

List of AWS S3 Leaks

Feel free to send in a PR if you know of other leaks

Date Description Notes
Aug2020 S3 bucket mess up exposed 182GB of senior US, Canada citizens data The misconfigured S3 bucket was owned by SeniorAdvisor, a consumer ratings and reviews website.
July2020 Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK Attackers tried to update the javascript library hosted on the s3 buckets so this can be picked up by other clients
Jan 2020 "Exposed AWS buckets again implicated in multiple data leaks" Passport scans, tax documents, background checks, job applications, expense claims, contracts, emails and salary details relating to thousands of consultants working in the UK were exposed.
June 2020 "7.2 million records were exposed, but not from the BHIM app"
Oct 2018 Misconfigured database breaches thousands of MedCall Advisors patient files names, email and postal addresses, phone numbers, dates of birth and Social Security numbers. Other files had recordings of patient evaluations and conversations with doctors, along with medications, allergies and other detailed personal health data.
Jun 2019 AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank Attunity, an Israeli IT firm that provides data management, warehousing, and replication services for the world's biggest companies, has exposed some of its customers' data after it left three Amazon S3 buckets exposed on the internet without a password.
May 2019 How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups
Mar 2018 Medical Records and Patient-Doctor Recordings Were Exposed information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured
Mar 2018 Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords
Feb 2018 S3 bucket open to world : Octoly real names, addresses, phone numbers, email addresses
Jan 22 Sensitive medical records on AWS bucket found to be publicly accessible
Dec 2017 Alteryx leave S3 bucket open for anonymous user : 120m american households exposed Home addresses, contact information, mortgage status, financial histories
Nov 2017 111 GB of internal customer information from National Credit Federation, a Tampa, Florida-based credit repair service - SSN - Drivers licesne, credit reports
Nov 2017 Uber, the hack happend couple months back was brought to light in Nov 2017> personal information of 57 million Uber users and driver's license numbers
Nov 2017 NSA leak exposes Red Disk, the Army's failed intelligence system 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk."
Nov 2017 Australia data leak: Nearly 50,000 government and private staffers’ sensitive data publicly exposed S3 bucket left open by a contractor
Oct 2017 How A Cloud Leak Exposed Accenture's Business
Oct 2017 Patient Home Monitoring Service Leaks Private Medical Data Online publically accessible Amazon S3 47.5 GB / 316,363
Sep 2017 Viacom : Open S3 bucket with AWS Keys, passwords, other sensitive info S3 bucket open to the world
Sep 2017 Leaky S3 bucket sloshes deets of thousands with US security clearance - Bucket open to the world in the test account
Sep 2017 Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak
August 2017 Indian Creditseva Data Breach
August 2017 Open AWS S3 bucket leaked hotel booking service data
July 2017 S3 bucket was set to authenticate all AWS users, not just Dow Jones users
July 2017 Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More
July 2017 Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet
June 2017 Personal information belonging to more than 198 million registered U.S. voters was exposed
May 2017 Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password
May 2017 Security company finds unsecured bucket of US military images on AWS
April 2017 A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed
Feb 2017 CHILDREN’S VOICE MESSAGES LEAKED IN CLOUDPETS DATABASE BREACH
Jan 2017 Paytm S3 bucket misconfiguration allowing PUT operations
March 2013 Thousands of Amazon S3 buckets left open exposing private data

Elastic Search

Date Description Notes
Sep 2017 AWS hosted elastic search servers hijacked
Owner
Nag
Nag
GitHub Repository
Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Frank 3 Feb 07, 2022
Gefilte Fish GMail filter creator

Gefilte Fish: GMail filter maker Gefilte Fish automates the creation of GMail filters. Use it like this: from gefilte import GefilteFish,

Ned Batchelder 31 Sep 28, 2022
Valeria stealer- - (4Feb 2022) program detects wifi saved passwords in your ROM

Valeria_stealer- Requirements : python 3.9.2 and higher (4Feb 2022) program dete

Mikhail Yolkin 3 May 05, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
Volunteer & Campaign Management System

Cleansweep Requirements A Linux (or Mac OS X) node with the following software installed. Ubuntu 14.04 is preferred. PostgreSQL 9.3 database server Py

Aam Aadmi Party 39 May 24, 2022
LeLeLe: A tool to simplify the application of Lattice attacks.

LeLeLe is a very simple library (300 lines) to help you more easily implement lattice attacks, the library is inspired by Z3Py (python interfa

Mathias Hall-Andersen 4 Dec 14, 2021
A local Socks5 server written in python, used for integrating Multi-hop

proxy-Zata proxy-Zata v1.0 This is a local Socks5 server written in python, used for integrating Multi-hop (Socks4/Socks5/HTTP) forward proxy then pro

4 Feb 24, 2022
Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384

CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv

20 Apr 07, 2022
A deobfuscator for multiple python obfuscators

PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o

svenskithesource 16 Dec 03, 2022
Seamless deployment and management of cybersecurity solutions 🏗️

Description 🖼️ Background 👴🏼 Vision 📜 Concepts 💬 Solutions' Lifecycle. Operations ⭕ Functionalities 🚀 Supported Cybersecurity Solutions 📦 Insta

MutableSecurity 36 Nov 10, 2022
SpiderFoot automates OSINT collection so that you can focus on analysis.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m

Steve Micallef 9k Jan 08, 2023
Exploit grafana Pre-Auth LFI

Grafana-LFI-8.x Exploit grafana Pre-Auth LFI How to use python3

2 Jul 25, 2022
Deobfuscate Log4Shell payloads with ease

Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release

Oxeye 137 Jan 02, 2023
Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available

Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available

xploits tech 283 Dec 29, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it

Hossam 867 Dec 22, 2022
MD5-CRACKER - A gmail brute force app created with python3

MD5-CRACKER So this is my first app i created with python3 . if you guys downloa

2 Nov 10, 2022
A kAFL based hypervisor fuzzer which fully supports nested VMs

hAFL2 hAFL2 is a kAFL-based hypervisor fuzzer. It is the first open-source fuzzer which is able to target hypervisors natively (including Hyper-V), as

SafeBreach Labs 115 Dec 07, 2022
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

MassDNS A high-performance DNS stub resolver MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amou

B. Blechschmidt 2.5k Jan 07, 2023
xkeysnail is yet another keyboard remapping tool for X environment written in Python

xkeysnail is yet another keyboard remapping tool for X environment written in Python. It's like xmodmap but allows more flexible remappings.

Masafumi Oyamada 809 Dec 26, 2022
A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regardin

Cycurity 39 Dec 10, 2022