Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records

An unsecured and unencrypted Amazon Simple Storage Service (S3) bucket was found leaking 36,077 records belonging to inmates of correctional facilities in several U.S. states. The leak, which was discovered by vpnMentor, exposed personally identifiable information (PII), prescription records, and details of the inmates’ daily activities. The leaky repository belongs to JailCore, a cloud-based application utilized in correctional facility management.

The researchers first discovered the leak through a web mapping project, in which they scanned ports to identify vulnerable systems. The findings were then reported to JailCore, and the bucket was closed some days after.



The exposed data

The exposed data included the inmates’ PII, such as their full names, dates of birth, booking numbers, mugshots, and cell locations. The researchers noted that some of the information was already publicly accessible even before the leak.

The inmates’ prescription records were also exposed, showing the name of the medication, dosage amount, start and end date, prescription quantity and remaining refills, time and date administered, whether the inmate took the prescription or refused, and even the full name. In some cases, the records carried the signatures of the correctional officers who administered these drugs.

Details on the inmates’ activities involving the restroom, shower, meals, visits, recreation, packages, and cleaning were also revealed. Other records consist of headcount reports and officer audit logs.

A JailCore representative claimed that most of the leaked records were for fake inmates, and were only created to test the application’s functionality. The representative admitted that a few of the leaked files did contain data on actual inmates, but said that these records did not reveal sensitive information.
 

Securing cloud storage services

Unsecured buckets make it easy for threat actors to steal data and obstruct operations. Although most cloud storage services have built-in security features, configuring these features and protecting the stored data are ultimately the user’s responsibility. Fortunately, there are several actionable steps that users can take to bolster the security of cloud storage systems.


First, users must deliberately learn and configure security settings. Many people mistakenly take the security of cloud services for granted, considering the whole system as “plug-and-play”. A designated member of the IT staff should study these security settings to ensure protection.

Users should also change default passwords and regularly update them. Cybercriminals have access to default and commonly used passwords, and actively scan for vulnerabilities to identify which systems they can penetrate. Using a strong password is a small but vital step against threats.

Enterprises must also practice the principle of least privilege. Check permissions and restrict access across layers, and grant these only to those who need them.

The security team should habitually perform security audits and reviews. If a security hole is found, promptly resolve it by deploying the latest patches or removing the file from the bucket.

The staff must monitor the system for unusual activities. Ensure logs are turned on so that information may be captured for monitoring and analysis of security threats.

The company should hold regular cybersecurity training for the staff to spread awareness on securing cloud storage services.
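As an added example (not from the original article or from JailCore), the Python sketch below turns the permission, audit and logging steps above into a repeatable check that flags a bucket that is public, lacks default encryption, or has access logging off. The `cfg` layout, the finding labels and the sample buckets are assumptions made for illustration; the field names inside each document follow the responses of the S3 GetBucketAcl, GetBucketPolicy, GetPublicAccessBlock, GetBucketEncryption and GetBucketLogging calls.

```python
import json

# ACL group URIs meaning "everyone" and "any authenticated AWS account".
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def audit_bucket(cfg):
    """Return sorted findings for one bucket's settings (cfg layout is an assumption)."""
    findings = []
    pab = cfg.get("public_access_block") or {}
    off = [f for f in PAB_FLAGS if not pab.get(f)]
    if off:
        findings.append("public-access-block-incomplete: " + ",".join(off))
    for grant in (cfg.get("acl") or {}).get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            findings.append("public-acl-grant: " + grant["Permission"])
    policy = json.loads(cfg["policy"]) if cfg.get("policy") else {}
    stmts = policy.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        who = stmt.get("Principal")
        who = who.get("AWS") if isinstance(who, dict) else who
        wildcard = who == "*" or (isinstance(who, list) and "*" in who)
        # An unconditional Allow to "*" exposes the bucket to anyone.
        if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
            findings.append("public-policy-statement: " + str(stmt.get("Sid", "unnamed")))
    if not (cfg.get("encryption") or {}).get("Rules"):
        findings.append("no-default-encryption")
    if "LoggingEnabled" not in (cfg.get("logging") or {}):
        findings.append("access-logging-disabled")
    return sorted(findings)

# Constructed sample: a bucket left public, unencrypted and unlogged.
LEAKY = {
    "acl": {"Grants": [{"Permission": "READ", "Grantee": {"Type": "Group",
        "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]},
    "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}),
}
# Constructed sample: the same bucket after it is locked down.
HARDENED = {
    "public_access_block": dict.fromkeys(PAB_FLAGS, True),
    "acl": {"Grants": [{"Permission": "FULL_CONTROL",
        "Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}}]},
    "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
    "logging": {"LoggingEnabled": {"TargetBucket": "example-log-bucket", "TargetPrefix": "s3-access/"}},
}
for name, cfg in (("leaky", LEAKY), ("hardened", HARDENED)):
    print(name, audit_bucket(cfg))
```

In a real audit, the five documents would be fetched per bucket with read-only credentials and the findings fed into the team's regular review.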

As additional layers of protection, the following Trend Micro solutions are also recommended:

 
