List of S3 Hacks

Related tags

Security related resourcess3-leaks
Overview

s3-leaks

List of AWS S3 Leaks

Feel free to send in a PR if you know of other leaks

Date Description Notes
Aug2020 S3 bucket mess up exposed 182GB of senior US, Canada citizens data The misconfigured S3 bucket was owned by SeniorAdvisor, a consumer ratings and reviews website.
July2020 Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK Attackers tried to update the javascript library hosted on the s3 buckets so this can be picked up by other clients
Jan 2020 "Exposed AWS buckets again implicated in multiple data leaks" Passport scans, tax documents, background checks, job applications, expense claims, contracts, emails and salary details relating to thousands of consultants working in the UK were exposed.
June 2020 "7.2 million records were exposed, but not from the BHIM app"
Oct 2018 Misconfigured database breaches thousands of MedCall Advisors patient files names, email and postal addresses, phone numbers, dates of birth and Social Security numbers. Other files had recordings of patient evaluations and conversations with doctors, along with medications, allergies and other detailed personal health data.
Jun 2019 AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank Attunity, an Israeli IT firm that provides data management, warehousing, and replication services for the world's biggest companies, has exposed some of its customers' data after it left three Amazon S3 buckets exposed on the internet without a password.
May 2019 How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups
Mar 2018 Medical Records and Patient-Doctor Recordings Were Exposed information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured
Mar 2018 Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords
Feb 2018 S3 bucket open to world : Octoly real names, addresses, phone numbers, email addresses
Jan 22 Sensitive medical records on AWS bucket found to be publicly accessible
Dec 2017 Alteryx leave S3 bucket open for anonymous user : 120m american households exposed Home addresses, contact information, mortgage status, financial histories
Nov 2017 111 GB of internal customer information from National Credit Federation, a Tampa, Florida-based credit repair service - SSN - Drivers licesne, credit reports
Nov 2017 Uber, the hack happend couple months back was brought to light in Nov 2017> personal information of 57 million Uber users and driver's license numbers
Nov 2017 NSA leak exposes Red Disk, the Army's failed intelligence system 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk."
Nov 2017 Australia data leak: Nearly 50,000 government and private staffers’ sensitive data publicly exposed S3 bucket left open by a contractor
Oct 2017 How A Cloud Leak Exposed Accenture's Business
Oct 2017 Patient Home Monitoring Service Leaks Private Medical Data Online publically accessible Amazon S3 47.5 GB / 316,363
Sep 2017 Viacom : Open S3 bucket with AWS Keys, passwords, other sensitive info S3 bucket open to the world
Sep 2017 Leaky S3 bucket sloshes deets of thousands with US security clearance - Bucket open to the world in the test account
Sep 2017 Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak
August 2017 Indian Creditseva Data Breach
August 2017 Open AWS S3 bucket leaked hotel booking service data
July 2017 S3 bucket was set to authenticate all AWS users, not just Dow Jones users
July 2017 Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More
July 2017 Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet
June 2017 Personal information belonging to more than 198 million registered U.S. voters was exposed
May 2017 Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password
May 2017 Security company finds unsecured bucket of US military images on AWS
April 2017 A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed
Feb 2017 CHILDREN’S VOICE MESSAGES LEAKED IN CLOUDPETS DATABASE BREACH
Jan 2017 Paytm S3 bucket misconfiguration allowing PUT operations
March 2013 Thousands of Amazon S3 buckets left open exposing private data

Elastic Search

Date Description Notes
Sep 2017 AWS hosted elastic search servers hijacked
Owner
Nag
Nag
GitHub Repository
Hack computer in the form of RAR files from all types of clients, even Linux

Program Features 📌 Hide malware 📌 Vulnerability software vulnerabilities RAR 📌 Creating malware 📌 Access client files 📌 Client Hacking 📌 Link Do

hack4lx 5 Nov 25, 2022
Malware Configuration And Payload Extraction

CAPE: Malware Configuration And Payload Extraction CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of mal

Kevin O'Reilly 1k Dec 30, 2022
ONT Analysis Toolkit (OAT)

A toolkit for monitoring ONT MinION sequencing, followed by data analysis, for viral genomes amplified with tiled amplicon sequencing.

6 Jun 14, 2022
Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

45 Dec 11, 2022
The Multi-Tool Web Vulnerability Scanner.

🟥 RapidScan v1.2 - The Multi-Tool Web Vulnerability Scanner RapidScan has been ported to Python3 i.e. v1.2. The Python2.7 codebase is available on v1

skavngr 1.3k Dec 31, 2022
A piece of software that shows a traceroute of a URL redirect path

Tracing URL redirects has never been easier! Usage • Download 🚩 Use Cases To see where an affiliate link ends up To see what affiliate network is bei

41 Nov 22, 2022
Windows Virus who destroy some impotants files on C:\windows\system32\

psychic-robot Windows Virus who destroy some importants files on C:\windows\system32\ Signatures of psychic-robot.PY (python file) : Bkav Pro : ASP.We

H-Tech-Dev36 1 Jan 06, 2022
Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

evil-stalker How to run First of all, you must install the necessary libraries.

rock3d 6 Nov 16, 2022
威胁情报播报

Threat-Broadcast 威胁情报播报 运行环境 项目介绍 从以下公开的威胁情报来源爬取并整合最新信息: 360:https://cert.360.cn/warning 奇安信:https://ti.qianxin.com/advisory/ 红后:https://redqueen.tj-u

东方有鱼名为咸 148 Nov 09, 2022
将hw时信息收集以及简单的漏洞操作步骤简单化

Braised-vegetables 将hw时信息收集以及简单的漏洞扫描操作步骤简单化 使用subfinder(被动子域名爆破收集) subdomain(主动域名爆破) nabbu(端口扫描) httpx(探测目录浏览) crawlergo(360深度爬虫) chorme(谷歌浏览器) xray(漏

19 Nov 15, 2022
一款针对向日葵的识别码和验证码提取工具

Sunflower_get_Password 一款针对向日葵的识别码和验证码提取工具 👮🏻‍♀️ 免责声明 由于传播、利用Sunflower_get_Password工具提供的功能而造成的任何直接或者间接的后果及损失,均由使用者本人负责,本人不为此承担任何责任。 安装环境 本工具使用Python

635 Dec 20, 2022
Ini membuat tema berbasis bendera Indonesia with Python + Linux.py

tema Ubah Tema Termux Menjadi Linux Ubah Font Termux Jadi Linux dibuat oleh wahyudioputra INSTALL pkg update && pkg upgrade pkg install python pkg ins

wahyudioputra 2 Nov 30, 2021
Übersicht remote command execution 0day exploit

Übersicht RCE 0day Unauthenticated remote command execution 0day exploit for Übersicht. Description Übersicht is a desktop widget application for m

BoofGang 10 Dec 21, 2021
Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

Free HTTP Proxy List 🌍 It is a lightweight project that hourly scrapes lots of

Mert Güvençli 142 Jan 05, 2023
proxyshell payload generate

Py Permutative Encoding https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-pst/5faf4800-645d-49d1-9457-2ac40eb467bd Generate proxyshell

Evi1cg 63 Nov 15, 2022
A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3

arp_spoof_detector A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3 Usage: git clone ht

Surya Das N 1 Oct 30, 2021
Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. (Released due to exposure)

HCaptcha-Bypass Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. Not working? If it is not seeming to work for you

Dropout 17 Aug 23, 2021
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022
Advanced subdomain scanner, any domain hidden subdomains

little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

Nano 5 Nov 23, 2021
POC for detecting the Log4Shell (Log4J RCE) vulnerability

Interactsh An OOB interaction gathering server and client library Features • Usage • Interactsh Client • Interactsh Server • Interactsh Integration •

ProjectDiscovery 2.1k Jan 08, 2023