Federal data of 123M US households leaked in latest AWS Data Breach

243

Critical data of more than 123 million US households was leaked to the public network very recently- all due to a misconfiguration on AWS Storage Bucket. Chris Vickery, a security researcher at UpGuard, Inc was the one who alerted the world about the data breach of the cloud-based data repository and said that the leak could spell trouble to the users of exposed information anytime in near future.

Alteryx Inc, a California based analytics firm which specializes in marketing was the one which stored the info on the Amazon Web Services (AWS) Cloud Repository. To make matters worse, more than half of the data was sourced from US federal agencies including the US Army Intelligence and Security Command (INSCOM), US Census Bureau and Consumer Credit Reporting Agency Experian Inc.


According to the sources reporting to Cybersecurity Insiders, the data was available on a public cloud storage server without a password protection for more than 3 months and out of the said proportion of data more than 100 gigabytes of data belonged to the Army Intelligence Project, codenamed ‘Red Disk’ run secretly by Trump Administration.

Vickery added in his finding’s report that most of the data was marked as “Top secret” and “NOFORN” – indicating it was not meant to be shared with foreign allies.

After the data breach was reported to the media, a top official from NSA is said to have contacted Chris Vickery to confirm the details.

In May 2017, Trump signed an executive order which enables almost all sensitive applications used by government agencies to be moved to the cloud. Based on the latest order, the company dealing with the federal data might have used Amazon Web Services as a storage platform in its project. And due to the misconfiguration of the network admin dealing with the data, the data breach is said to have occurred.

Note – The latest exposure of data pronounces the need of stringent cloud security controls practices amongst the government agencies…..isn’t it?

A question to our Cybersecurity Insiders readers- From past 11 months or so UpGuard is the only company which discovers the critical loops holes of AWS…..why is that so?