More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase.
The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate services. “There was no need for a password or login credentials to see this information, and the data was not encrypted,” the researchers said in an exclusive report shared with The Hacker News.
The data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket, causing sensitive information such as clients’ names, photos, and addresses to be disclosed. The details stored in the bucket range from invoices and income documents to quotes and account statements dating between 2014 and 2021. The complete list of information contained in the documents is as follows –
- Full names
- Phone numbers
- Email addresses
- Residential addresses
- Amounts paid for estates, and
- Asset values
In addition, the bucket is also said to contain a database backup that includes additional information such as profile pictures, usernames, and hashed passwords. Troublingly, the researchers said they also found malicious, backdoor code in the bucket that could be exploited to gain persistent access to the website and redirect unsuspecting visitors to fraudulent…