A cloud misconfiguration has leaked personal details of countless airport staff throughout South America, a new report suggests.
An Amazon Web Services S3 bucket was found without any authentication required to access its contents. A team at AV comparison site Safety Detectives found the problem and notified the owner, Swedish security giant Securitas on October 28 2021. The firm secured the database on November 2.
Safety Detectives believe the S3 bucket contained around 1.5 million files.
Researchers found personally identifiable information (PII) on Securitas and airport employees dating back to November 2018 inside the 3TB trove.
At least four airports across Peru (Aeropuerto Internacional Jorge Chávez) and Colombia (El Dorado International Airport, Alfonso Bonilla Aragón International Airport, and José María Córdova International Airport) have been hit.
 
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy settings
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance

source

You May Also Like

NHS 111 urgent care provider leads the way in secure and flexible workforce identity and access management with My1Login

  The platform integrates with their existing computer login and removes the…

New Risk-based Application Access Control aims to solve BYOD and Remote Work Security and Productivity Challenges

Yesterday, Cato Networks introduced its new risk-based application access control for combatting…

DSbD’s Four Nations Roadshow Begins

Next week, UK Research and Innovation’s Digital Security by Design (DSbD) challenge’s…

Bugcrowd correlates $27bn risk reduction with ethical hacking to find vulnerabilities

Bugcrowd, the crowdsourced cybersecurity platform, has published its Inside the Mind of…