s3-leaks

List of AWS S3 Leaks

Feel free to send in a PR if you know of other leaks

Date	Description	Notes
Aug2020	S3 bucket mess up exposed 182GB of senior US, Canada citizens data	The misconfigured S3 bucket was owned by SeniorAdvisor, a consumer ratings and reviews website.
July2020	Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK	Attackers tried to update the javascript library hosted on the s3 buckets so this can be picked up by other clients
Jan 2020	"Exposed AWS buckets again implicated in multiple data leaks"	Passport scans, tax documents, background checks, job applications, expense claims, contracts, emails and salary details relating to thousands of consultants working in the UK were exposed.
June 2020	"7.2 million records were exposed, but not from the BHIM app"
Oct 2018	Misconfigured database breaches thousands of MedCall Advisors patient files	names, email and postal addresses, phone numbers, dates of birth and Social Security numbers. Other files had recordings of patient evaluations and conversations with doctors, along with medications, allergies and other detailed personal health data.
Jun 2019	AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank	Attunity, an Israeli IT firm that provides data management, warehousing, and replication services for the world's biggest companies, has exposed some of its customers' data after it left three Amazon S3 buckets exposed on the internet without a password.
May 2019	How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups
Mar 2018	Medical Records and Patient-Doctor Recordings Were Exposed	information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured
Mar 2018	Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users	addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords
Feb 2018	S3 bucket open to world : Octoly	real names, addresses, phone numbers, email addresses
Jan 22	Sensitive medical records on AWS bucket found to be publicly accessible
Dec 2017	Alteryx leave S3 bucket open for anonymous user : 120m american households exposed	Home addresses, contact information, mortgage status, financial histories
Nov 2017	111 GB of internal customer information from National Credit Federation, a Tampa, Florida-based credit repair service	- SSN - Drivers licesne, credit reports
Nov 2017	Uber, the hack happend couple months back was brought to light in Nov 2017>	personal information of 57 million Uber users and driver's license numbers
Nov 2017	NSA leak exposes Red Disk, the Army's failed intelligence system	100 gigabytes of data from an Army intelligence project, codenamed "Red Disk."
Nov 2017	Australia data leak: Nearly 50,000 government and private staffers’ sensitive data publicly exposed	S3 bucket left open by a contractor
Oct 2017	How A Cloud Leak Exposed Accenture's Business
Oct 2017	Patient Home Monitoring Service Leaks Private Medical Data Online	publically accessible Amazon S3 47.5 GB / 316,363
Sep 2017	Viacom : Open S3 bucket with AWS Keys, passwords, other sensitive info	S3 bucket open to the world
Sep 2017	Leaky S3 bucket sloshes deets of thousands with US security clearance	- Bucket open to the world in the test account
Sep 2017	Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak
August 2017	Indian Creditseva Data Breach
August 2017	Open AWS S3 bucket leaked hotel booking service data
July 2017	S3 bucket was set to authenticate all AWS users, not just Dow Jones users
July 2017	Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More
July 2017	Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet
June 2017	Personal information belonging to more than 198 million registered U.S. voters was exposed
May 2017	Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password
May 2017	Security company finds unsecured bucket of US military images on AWS
April 2017	A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed
Feb 2017	CHILDREN’S VOICE MESSAGES LEAKED IN CLOUDPETS DATABASE BREACH
Jan 2017	Paytm S3 bucket misconfiguration allowing PUT operations
March 2013	Thousands of Amazon S3 buckets left open exposing private data

Elastic Search

Date	Description	Notes
Sep 2017	AWS hosted elastic search servers hijacked

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

1 Dec 15, 2021

Password List Creator Simple !

4 Jan 27, 2022

Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __

352 Jan 2, 2023

Helpers to extend Django Admin with data from external service with minimal hacks

django-admin-data-from-external-service Helpers to extend Django Admin with data from external service with minimal hacks Live demo with sources on He

7 Apr 27, 2022

Multiple hacks that breaks the game

Blooket-Hack All of the cheats are based on a game mode.

484 Feb 25, 2022

Cleaning Tiktok Hacks With Python

13 Jan 6, 2023

Discord-RAID-Tool - Hacks/tools

How to use Python must be installed run install-config If you dont have python installed, download python 3.7.6 and make sure you click on the 'ADD TO

1 Jan 1, 2022

The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango.

The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango. It requires a django-leaflet package.

33 Nov 11, 2022

Magic-Square - Creates a magic square by randomly generating a list until the list happens to be a magic square

Magic-Square Creates a magic square by randomly generating a list until the list happens to be a magic square. Done as simply as possible... Frequentl

2 Jan 1, 2022

Youtube list to mp3 - Youtube list to mp3 downloader

Youtube list to mp3 downloader Tiny script to convert a list of youtube videos t

3 Feb 11, 2022

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

Free HTTP Proxy List 🌍 It is a lightweight project that hourly scrapes lots of

142 Jan 5, 2023

would suggest to add the Attunity data leak in 2019

| May 2019 | <a href="https://www.upguard.com/breaches/attunity-data-leak"> How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups</a> ||

opened by bvdlingen 1
correct input August 2022

I was reviewing the most recent entry of August 2022 and found that the date should be adjusted since it was reported in November 2021, as can be verified in the following article https://www.msspalert.com/cybersecurity-breaches-and-attacks/amazon-s3-cloud-data-leak-securitas-exposes-nearly-1-5m-files/

opened by minato-jishi 0

List of S3 Hacks

Related tags

Overview

s3-leaks

List of AWS S3 Leaks

Elastic Search

You might also like...

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

Password List Creator Simple !

Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

Helpers to extend Django Admin with data from external service with minimal hacks

Multiple hacks that breaks the game

Cleaning Tiktok Hacks With Python

Discord-RAID-Tool - Hacks/tools

The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango.

Magic-Square - Creates a magic square by randomly generating a list until the list happens to be a magic square

Youtube list to mp3 - Youtube list to mp3 downloader

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

Python Sorted Container Types: Sorted List, Sorted Dict, and Sorted Set

A curated list of awesome Python asyncio frameworks, libraries, software and resources

A curated list of awesome Dash (plotly) resources

A curated list of awesome tools for Sphinx Python Documentation Generator

Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes

A curated list of awesome Jupyter projects, libraries and resources

A curated list of awesome tools for SQLAlchemy

List of GSoC organisations with number of times they have been selected.

Comments

would suggest to add the Attunity data leak in 2019

correct input August 2022

Owner

Nag

Password list generator for password spraying - prebaked with goodies

zip-brute Zip File Password Cracking with Using Password List

A small Python Script To get all levels of subdomains from a list

A curated list of amazingly awesome Cybersecurity datasets

DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion

Password List Maker

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

This program will brute force any Instagram account you send it its way given a list of proxies.

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

Python script that sends CVE-2021-44228 log4j payload requests to url list