Security researchers have found yet another Amazon S3 storage container with sensitive data that was publicly accessible to anyone on the internet. The S3 bucket contained around 100MB of data, including internal files, usernames, passwords and email messages from U.S. telecommunications provider Verizon Wireless.
Many of the files were associated with an internal middleware application used by Verizon called Distributed Vision Services (DVS) that’s used to link front-end applications to billing data.
“Although no customers data are involved in this data leak, we were able to see files and data named ‘VZ Confidential’ and ‘Verizon Confidential,’ some of which contained usernames, passwords and these credentials could have easily allowed access to other parts of Verizon’s internal network and infrastructure,” researchers from Kromtech Alliance, who found the exposed S3 bucket, said in a report.
There were also over 100 Outlook email messages that contained production logs, descriptions of the server architecture and more passwords and login credentials.
According to the Kromtech researchers, the storage bucket wasn’t owned or managed by Verizon itself, but by a Verizon engineer in a personal capacity. Nevertheless, this is the second time in several months when Verizon data is found in a misconfigured Amazon Web Services (AWS) S3 container.
In July, researchers from security firm UpGuard found a similarly misconfigured storage bucket containing the names, addresses, account details and personal identification numbers (PINs) of as many as 14 million Verizon customers. That bucket actually belonged to a third-party vendor called NICE Systems that was being used by Verizon.
Other companies have experienced data leaks over the past few months due to misconfigured cloud storage services, especially on AWS S3. This is somewhat surprising because S3 buckets are private by default and can only be accessed by their owners. This means that in those cases administrators specifically modified the default configuration to allow for public unauthenticated access and that’s never a good idea.
“Given the high number of incidents involving exposed S3 buckets that we have seen in the past few months, it is baffling that every organization is not carefully looking into the configurations and exposure levels of their storage in the cloud,” said Zohar Alon, CEO of cloud compliance firm Dome9. “Protecting data in the cloud from accidental exposure and theft is a business priority.”
Researchers from web security firm Sucuri have investigated multiple website compromises over the past few days that had such infections. They identified two separate attack campaigns: one targeting WordPress websites and one targeting Magento e-commerce shops.
Since cryptocurrency miners consume CPU resources, users will observe a serious performance degradation of their browsing and computing experience when visiting websites infected with such scripts. This means that such infections can lead to reputation damage and permanent loss of visitors for affected websites, something that the owners of The Pirate Bay recently experienced when they intentionally ran such a script on their site.