The clients affected by the incident involving a misconfigured Amazon S3 bucket include Global 500 company Ericsson and Fortune 500 company Cisco.
IT security researchers at Website Planet Security Team discovered a misconfigured Amazon S3 bucket that was owned by D.W. Morgan, a supply chain management and logistics giant D.W. Morgan. The company is headquartered in Pleasanton, California with global operations.
According to researchers, the database contained more than 100 GB worth of data with 2.5 million files detailing financial, shipment, transportation, personal and sensitive records belonging to D.W. Morgan’s employees and clients worldwide. These included Global 500 company Ericsson and Fortune 500 company Cisco.
Although, the database was discovered on November 12th, 2021 the details of it were only shared by Website Planet last week.
About exposed data
What’s worse is that the bucket remained exposed to the public without any security authentication or password meaning anyone with knowledge of how AWS buckets function could have accessed the data.
Full list of what type of data was exposed during misconfiguration:
Signatures Full names Attachments Phone numbers Goods ordered Cargo damages Process photos Process