List of S3 Hacks

Overview

s3-leaks

List of AWS S3 Leaks

Feel free to send in a PR if you know of other leaks

Date Description Notes
Aug2020 S3 bucket mess up exposed 182GB of senior US, Canada citizens data The misconfigured S3 bucket was owned by SeniorAdvisor, a consumer ratings and reviews website.
July2020 Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK Attackers tried to update the javascript library hosted on the s3 buckets so this can be picked up by other clients
Jan 2020 "Exposed AWS buckets again implicated in multiple data leaks" Passport scans, tax documents, background checks, job applications, expense claims, contracts, emails and salary details relating to thousands of consultants working in the UK were exposed.
June 2020 "7.2 million records were exposed, but not from the BHIM app"
Oct 2018 Misconfigured database breaches thousands of MedCall Advisors patient files names, email and postal addresses, phone numbers, dates of birth and Social Security numbers. Other files had recordings of patient evaluations and conversations with doctors, along with medications, allergies and other detailed personal health data.
Jun 2019 AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank Attunity, an Israeli IT firm that provides data management, warehousing, and replication services for the world's biggest companies, has exposed some of its customers' data after it left three Amazon S3 buckets exposed on the internet without a password.
May 2019 How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups
Mar 2018 Medical Records and Patient-Doctor Recordings Were Exposed information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured
Mar 2018 Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords
Feb 2018 S3 bucket open to world : Octoly real names, addresses, phone numbers, email addresses
Jan 22 Sensitive medical records on AWS bucket found to be publicly accessible
Dec 2017 Alteryx leave S3 bucket open for anonymous user : 120m american households exposed Home addresses, contact information, mortgage status, financial histories
Nov 2017 111 GB of internal customer information from National Credit Federation, a Tampa, Florida-based credit repair service - SSN - Drivers licesne, credit reports
Nov 2017 Uber, the hack happend couple months back was brought to light in Nov 2017> personal information of 57 million Uber users and driver's license numbers
Nov 2017 NSA leak exposes Red Disk, the Army's failed intelligence system 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk."
Nov 2017 Australia data leak: Nearly 50,000 government and private staffers’ sensitive data publicly exposed S3 bucket left open by a contractor
Oct 2017 How A Cloud Leak Exposed Accenture's Business
Oct 2017 Patient Home Monitoring Service Leaks Private Medical Data Online publically accessible Amazon S3 47.5 GB / 316,363
Sep 2017 Viacom : Open S3 bucket with AWS Keys, passwords, other sensitive info S3 bucket open to the world
Sep 2017 Leaky S3 bucket sloshes deets of thousands with US security clearance - Bucket open to the world in the test account
Sep 2017 Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak
August 2017 Indian Creditseva Data Breach
August 2017 Open AWS S3 bucket leaked hotel booking service data
July 2017 S3 bucket was set to authenticate all AWS users, not just Dow Jones users
July 2017 Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More
July 2017 Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet
June 2017 Personal information belonging to more than 198 million registered U.S. voters was exposed
May 2017 Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password
May 2017 Security company finds unsecured bucket of US military images on AWS
April 2017 A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed
Feb 2017 CHILDREN’S VOICE MESSAGES LEAKED IN CLOUDPETS DATABASE BREACH
Jan 2017 Paytm S3 bucket misconfiguration allowing PUT operations
March 2013 Thousands of Amazon S3 buckets left open exposing private data

Elastic Search

Date Description Notes
Sep 2017 AWS hosted elastic search servers hijacked
A Telegram Bot to force users to join a specific channel before sending messages in a group.

Promoter A Telegram Bot to force users to join a specific channel before sending messages in a group. Introduction A Telegram Bot to force users to jo

Mr. Dynamic 1 Jan 27, 2022
This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

Ashish Kunwar 33 Sep 23, 2022
#whois it? Let's find out!

whois_bot #whois it? Let's find out! Currently in development: a gatekeeper bot for a community (https://t.me/IT_antalya) of 250+ expat IT pros of Ant

Kirill Nikolaev 14 Jun 24, 2022
CVE-2021-26855 SSRF Exchange Server

CVE-2021-26855 Brute Force EMail Exchange Server Timeline: Monday, March 8, 2021: Update Dumping content...(I'm not done, can u guy help me done this

lulz 117 Nov 28, 2022
Password database With special stuff

This is a Password database I made for myself, as I want to keep all my passwords in the same place. but still protected, shall anyone get access to the file. And so I made this simple password datab

9 Oct 30, 2022
CodeTest信息收集和漏洞利用工具

CodeTest信息收集和漏洞利用工具,可在进行渗透测试之时方便利用相关信息收集脚本进行信息的获取和验证工作,漏洞利用模块可选择需要测试的漏洞模块,或者选择所有模块测试,包含CVE-2020-14882, CVE-2020-2555等,可自己收集脚本后按照模板进行修改。

23 Mar 18, 2021
A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

MotionEye/MotionEyeOS Authenticated RCE A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator crede

Matt 1 Apr 18, 2022
Looks at Python code to search for things which look "dodgy" such as passwords or diffs

dodgy Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions desig

Landscape 112 Nov 25, 2022
This repository is one of a few malware collections on the GitHub.

This repository is one of a few malware collections on the GitHub.

Andrew 1.7k Dec 28, 2022
Pgen is the best brute force password generator and it is improved from the cupp.py

pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l

heyheykids 2 Jan 31, 2022
CVE-2021-45232-RCE-多线程批量漏洞检测

CVE-2021-45232-RCE CVE-2021-45232-RCE-多线程批量漏洞检测 FOFA 查询 title="Apache APISIX Das

孤桜懶契 36 Sep 21, 2022
Tinyman exploit finder - Tinyman exploit finder for python

tinyman_exploit_finder There was a big tinyman exploit. You can read about it he

fish.exe 9 Dec 27, 2022
Bypass ReCaptcha: A Python script for dealing with recaptcha

Bypass ReCaptcha Bypass ReCaptcha is a Python script for dealing with recaptcha.

Marcos Camargo 1 Jan 11, 2022
Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。

0x00 介绍 tig Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率,目前已集成微步、IP 域名反查、Fofa 信息收集、ICP 备案查询、IP 存活检测五个模块,现已支持以下信息的查询: ✅ 微步标签 ✅ I

Wolf Group Security Team 698 Dec 09, 2022
Automated tool to exploit basic buffer overflow remotely and locally & x32 and x64

Automated tool to exploit basic buffer overflow (remotely or locally) & (x32 or x64)

5 Oct 09, 2022
Hadoop Yan ResourceManager unauthorized RCE

Vuln Impact There was an unauthorized access vulnerability in Hadoop yarn ResourceManager. This vulnerability existed in Hadoop yarn, the core compone

Al1ex 25 Nov 24, 2022
CVE-2021-44228 log4j 2.x rce漏洞检测工具

#1 使用说明 CVE-2021-44228 log4j 2.x rce漏洞检测工具,对目标链接发起get请求并利用dnslog探测是否有回显 $ python3 log4j-scan.py -h

CoCo ainrm- 4 Jan 13, 2022
Solución al reto BBVA Contigo, Hack BBVA 2021

Solution Solución propuesta para el reto BBVA Contigo del Hackathon BBVA 2021. Equipo Mexdapy. Integrantes: David Pedroza Segoviano Regina Priscila Ba

Gabriel Missael Barco 2 Dec 06, 2021
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

SSLyze SSLyze is a fast and powerful SSL/TLS scanning tool and Python library. SSLyze can analyze the SSL/TLS configuration of a server by connecting

Alban Diquet 2.8k Jan 03, 2023
This repo explains in details about buffer overflow exploit development for windows executable.

Buffer Overflow Exploit Development For Beginner Introduction I am beginner in security community and as my fellow beginner, I spend some of my time a

cris_0xC0 11 Dec 17, 2022