Australian Broadcasting Corporation Leaked Data through AWS S3 Bucket

Posted on November 20, 2017
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack

The Australian Broadcasting Corporation (ABC) leaked sensitive data online through a publicly accessibly Amazon Web Services (AWS) S3 bucket. Public search engine Censys indexed the misconfigured asset on 14 November during a regular security audit of the S3 environment. Researchers at the Kromtech security center don't know who might have accessed the AWS S3 bucket before its discovery. However, they do have a firm grasp on what those individuals could have accessed from ABC Commercial, a division which specializes in content sales and marketing for the broadcasting giant. The S3 bucket exposed multiple sources of sensitive and identifiable information including the following:

  • Thousands of logins, usernames, and hashed passwords that ABC Commercial users need to access ABC content.
  • Requests from TV and movie producers for licensed content.
  • Secret access key and login details that someone could use to view another repository containing video content.
  • 1,800 daily MySQL database backups dating back to 2015.
tmp_d6c8357aedc6b2aa074b461a999111ee.png

Redacted screenshot of one of the user tables in MySQL database backups, all publicly available. (Source: Kromtech) With the assistance of researcher Troy Hunt, the team at Kromtech got in touch with ABC and notified it of the exposure. ABC Technology specialists thereafter secured the buckets within minutes. The broadcasting giant confirmed this account to The Register on 17 November and said it's currently investigating a data breach with respect to the misconfiguration. Bob Diachenko, Kromtech's chief communication officer, feels that the incident at ABC is part of an ongoing trend involving data breaches:

The most unfortunate part is that the issue occurred due to human error and not a malicious attack. It seems like every few days there is yet another data breach, ransomware threat or a new security flaw and companies or organizations must do more to be proactive in how they store sensitive data online.

For information on how to secure their S3 buckets, organizations should look to these best practices along with some new encryption and security features unveiled on 6 November. They should also focus on implementing security controls to help defend their S3 buckets and other assets against digital threats.

Mastering Security Configuration Management

Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.

Get the Guide
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!