Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records
An unsecured and unencrypted Amazon Simple Storage Service (S3) bucket was found leaking 36,077 records belonging to inmates of correctional facilities in several U.S. states. The leak, which was discovered by vpnMentor, exposed personally identifiable information (PII), prescription records, and details of the inmates’ daily activities. The leaky repository belongs to JailCore, a cloud-based application utilized in correctional facility management.
The researchers first discovered the leak through a web mapping project, where they scanned ports to identify vulnerable systems. The findings were then reported to JailCore, and the bucket was closed some days after.
The exposed data
The exposed data included the inmates’ PII, such as their full names, date of birth, booking number, mugshot, and cell location. The researchers noted that some of the information was already publicly accessible even before the leak.
The inmates’ prescription records were also exposed, showing the name of the medication, dosage amount, start and end date, prescription quantity and remaining refills, time and date administered, whether the inmate took the prescription or refused, and even the full name. Some cases had the signature of correctional officers who administered these drugs.
Details on the inmates’ activities involving the restroom, shower, meals, visits, recreation, packages, and cleaning were also revealed. Other records comprised headcount reports and officer audit logs.
A JailCore representative claimed that most of the leaked records were for fake inmates, and were only created to test the application’s functionality. The representative admitted that a few of the leaked files did contain data on actual inmates, but said that these records did not reveal sensitive information.
Securing cloud storage services
Unsecured buckets make it easy for threat actors to steal data and obstruct operations. Although most cloud storage services have built-in security features, the configuration of these and the protection of the stored data ultimately lie with the user. Fortunately, there are several actionable steps that users can take to bolster the security of cloud storage systems.
First, users must deliberately learn and configure security settings. Many people mistakenly take the security of cloud services for granted, considering the whole system as “plug-and-play.” Cloud builders and IT security teams should study these security settings to ensure protection.
Users should also change default passwords and regularly update them. Cybercriminals have access to default and commonly used passwords, and actively scan for vulnerabilities to identify which systems they can penetrate. Using a strong password is a small but vital step against threats.
Organizations can regularly assess their cloud security posture using tools like the Trend Micro Cloud One™ Cloud Conformity Security solution, which allows automated checks to be run against industry compliance standards.
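A small automated check for the two conditions in this incident, a publicly readable and unencrypted S3 bucket, is shown here as an added example; it is not from the original article or from any Trend Micro product. The function name, finding labels, and sample configurations are assumptions made for illustration, and the inputs are passed in as data shaped like S3 API responses so that the check runs offline.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PUBLIC_GROUPS = {ALL_USERS, "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    if isinstance(principal, str):
        principal = [principal]
    return "*" in (principal or [])

def audit_bucket(pab=None, grants=(), policy_json=None, sse_rules=()):
    """Return sorted findings for one bucket. Inputs are shaped like S3 API
    responses (live use would fetch them with boto3 get_public_access_block,
    get_bucket_acl, get_bucket_policy, get_bucket_encryption)."""
    pab, findings = pab or {}, set()
    missing = [f for f in PAB_FLAGS if not pab.get(f)]
    if missing:
        findings.add("public-access-block-incomplete: " + ",".join(missing))
    # A public ACL grant only takes effect while IgnorePublicAcls is off.
    if not pab.get("IgnorePublicAcls"):
        for g in grants:
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.add("public-acl: " + g["Permission"])
    # Assumption (simplified): a statement with any Condition is not counted as public.
    if policy_json and not pab.get("RestrictPublicBuckets"):
        stmts = json.loads(policy_json).get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if (s.get("Effect") == "Allow" and "Condition" not in s
                    and _wildcard(s.get("Principal"))):
                findings.add("public-policy: " + str(s.get("Action")))
    if not sse_rules:
        findings.add("no-default-encryption")
    return sorted(findings)

# Constructed sample configurations (not data from the incident).
LEAKY = dict(
    grants=[{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}],
    policy_json='{"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}',
)
HARDENED = dict(
    pab=dict.fromkeys(PAB_FLAGS, True),
    grants=LEAKY["grants"],  # stale public grant, neutralised by IgnorePublicAcls
    sse_rules=[{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}],
)
if __name__ == "__main__":
    print(audit_bucket(**LEAKY), audit_bucket(**HARDENED), sep="\n")
```

The hardened sample deliberately keeps the old public ACL grant to show that the public access block settings, not the absence of a grant, are what the check relies on.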
As additional layers of protection, the following Trend Micro solutions are also recommended:
- Trend Micro™ Hybrid Cloud Security – Security made seamless for hybrid environments that incorporate physical, virtual, and cloud workloads.
- Trend Micro™ Cloud One™ File Storage Security – Security for cloud file/object storage.
- Trend Micro™ Deep Security™ for Cloud – Security for proactive threat detection.
- Trend Micro™ Deep Security as a Service – Security that is specifically configured for AWS, Azure, and VMware systems.