List of S3 Hacks

Related tags

Security related resourcess3-leaks
Overview

s3-leaks

List of AWS S3 Leaks

Feel free to send in a PR if you know of other leaks

Date Description Notes
Aug2020 S3 bucket mess up exposed 182GB of senior US, Canada citizens data The misconfigured S3 bucket was owned by SeniorAdvisor, a consumer ratings and reviews website.
July2020 Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK Attackers tried to update the javascript library hosted on the s3 buckets so this can be picked up by other clients
Jan 2020 "Exposed AWS buckets again implicated in multiple data leaks" Passport scans, tax documents, background checks, job applications, expense claims, contracts, emails and salary details relating to thousands of consultants working in the UK were exposed.
June 2020 "7.2 million records were exposed, but not from the BHIM app"
Oct 2018 Misconfigured database breaches thousands of MedCall Advisors patient files names, email and postal addresses, phone numbers, dates of birth and Social Security numbers. Other files had recordings of patient evaluations and conversations with doctors, along with medications, allergies and other detailed personal health data.
Jun 2019 AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank Attunity, an Israeli IT firm that provides data management, warehousing, and replication services for the world's biggest companies, has exposed some of its customers' data after it left three Amazon S3 buckets exposed on the internet without a password.
May 2019 How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups
Mar 2018 Medical Records and Patient-Doctor Recordings Were Exposed information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured
Mar 2018 Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords
Feb 2018 S3 bucket open to world : Octoly real names, addresses, phone numbers, email addresses
Jan 22 Sensitive medical records on AWS bucket found to be publicly accessible
Dec 2017 Alteryx leave S3 bucket open for anonymous user : 120m american households exposed Home addresses, contact information, mortgage status, financial histories
Nov 2017 111 GB of internal customer information from National Credit Federation, a Tampa, Florida-based credit repair service - SSN - Drivers licesne, credit reports
Nov 2017 Uber, the hack happend couple months back was brought to light in Nov 2017> personal information of 57 million Uber users and driver's license numbers
Nov 2017 NSA leak exposes Red Disk, the Army's failed intelligence system 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk."
Nov 2017 Australia data leak: Nearly 50,000 government and private staffers’ sensitive data publicly exposed S3 bucket left open by a contractor
Oct 2017 How A Cloud Leak Exposed Accenture's Business
Oct 2017 Patient Home Monitoring Service Leaks Private Medical Data Online publically accessible Amazon S3 47.5 GB / 316,363
Sep 2017 Viacom : Open S3 bucket with AWS Keys, passwords, other sensitive info S3 bucket open to the world
Sep 2017 Leaky S3 bucket sloshes deets of thousands with US security clearance - Bucket open to the world in the test account
Sep 2017 Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak
August 2017 Indian Creditseva Data Breach
August 2017 Open AWS S3 bucket leaked hotel booking service data
July 2017 S3 bucket was set to authenticate all AWS users, not just Dow Jones users
July 2017 Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More
July 2017 Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet
June 2017 Personal information belonging to more than 198 million registered U.S. voters was exposed
May 2017 Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password
May 2017 Security company finds unsecured bucket of US military images on AWS
April 2017 A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed
Feb 2017 CHILDREN’S VOICE MESSAGES LEAKED IN CLOUDPETS DATABASE BREACH
Jan 2017 Paytm S3 bucket misconfiguration allowing PUT operations
March 2013 Thousands of Amazon S3 buckets left open exposing private data

Elastic Search

Date Description Notes
Sep 2017 AWS hosted elastic search servers hijacked
Owner
Nag
Nag
GitHub Repository
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
DNS hijacking via dead records automation tool

DeadDNS Multi-threaded DNS hijacking via dead records automation tool How it works 1) Dig provided subdomains file for dead DNS records. 2) Dig the fo

45 Dec 20, 2022
Brute smb share - Brute force a SMB share

brute_smb_share I wrote this small PoC after bumping into SMB servers where Hydr

devloop 3 Feb 21, 2022
Whois-Python - Get Whois Domain with Python GUI

Whois-Python-GUI Get Whois Domain with Python - GUI :) WARNING Dont Copy ! - W

MR.D3F417 3 Feb 21, 2022
AttractionFinder - 2022 State Qualified FBLA Attraction Finder Application

Attraction Finder Developers: Riyon Praveen, Aaron Bijoy, & Yash Vora How It Wor

$ky 2 Feb 09, 2022
Fuck - Multi Brute Force 🚶‍♂

f-mbf Fuck - Multi Brute Force 🚶‍♂ Install Script $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ pip2 install requests $ pip2

Yumasaa 1 Dec 03, 2021
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

Ayoub 861 Feb 18, 2021
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS] ExProlog -

Herwono W. Wijaya 130 Dec 15, 2022
Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari

Ryan 5 Sep 12, 2022
Scanner for Intranet

cthun3是集成端口扫描,服务识别,netbios扫描,网站识别,暴力破解和漏洞扫描的工具. cthun(克苏恩)是魔兽世界电子游戏中一位上古之神 截图 cthun3结合viper使用时截图 使用方法 端口扫描 -ps-ip 端口扫描的ip地址范围,例如可以输入 -ps-ip 192.168.14

rootkit 18 Sep 03, 2022
Internationalized Domain Names for Python (IDNA 2008 and UTS #46)

Internationalized Domain Names in Applications (IDNA) Support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in R

Kim Davies 204 Dec 13, 2022
IDA plugin for quickly copying disassembly as encoded hex bytes

HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

OALabs 46 Oct 30, 2022
Cookiecutter for creating open source Python packages

Cookiecutter for rapidly developing new open source Python packages. Best practices with all the modern bells and whistles included.

Wolt 177 Dec 22, 2022
Automated tool to exploit basic buffer overflow remotely and locally & x32 and x64

Automated tool to exploit basic buffer overflow (remotely or locally) & (x32 or x64)

5 Oct 09, 2022
Operational information regarding the vulnerability in the Log4j logging library.

Log4j Vulnerability (CVE-2021-44228) This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-442

Nationaal Cyber Security Centrum (NCSC-NL) 1.9k Dec 26, 2022
This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

Pedro Havay 12 Nov 18, 2022
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

DOME - A subdomain enumeration tool Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtai

Vadi 329 Jan 01, 2023
MainCoon - an automated recon framework

MainCoon is an automated recon framework meant for gathering information during penetration testing of web applications.

Md. Nur habib 8 Aug 26, 2022
vulnerable APIs

vulnerable-apis vulnerable APIs inspired by https://github.com/mattvaldes/vulnerable-api Setup Docker If, Out of the box docker pull kmmanoj/vulnerabl

9 Jun 01, 2022
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

Open Source Security Foundation (OpenSSF) 221 Jan 01, 2023