Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Amazon cloud servers. Show all posts

Hackers Breached into Twilio's AWS; Company Confirms the Attack


In a recent cybersecurity breach incident, Twilio acknowledges that hackers breached into the company's cloud services (unsecured) and compromised its javascript SDK. The hackers modified the javascript that the company shares with the clients. Twilio, a famous cloud communications company, told a news agency about the incident, after an anonymous whistleblower had reported the issue to the agency. To summarise it all, a cybercriminal breached into Twilio's AWS (Amazon Web Services) S3 systems. It should be noted that the networks were unsecured and world-writable. The hacker modified the TaskRouter v1.20 SDK and attached some malicious codes designed to tell if the changes worked or not.


In response to the incident, Twilio says that the customer's privacy safety is the first and foremost concern for the company. Twilio confirms about the malware in the TaskRouter v1.20 SDK, and that it was the work of a 3rd party. The modification of the S3 bucket made the attack possible. According to Twilio, it immediately closed the S3 bucket after knowing the issue and has issued an inquiry into the incident. The company took roundabout 12 hours to deal with the issue. Currently, it has no proof if any of the customer accounts were stolen or not. However, it confirms that the hacker didn't break into the company's internal systems to modify coding or data.

 Twilio uses JavaScript SDK as a method to connect your business operations to its task router platforms. The company plans to publish a detailed report about the incident in a few days. However, a friendly suggestion to the users, if you have downloaded or installed an SDK copy, make sure that you have a legit copy.

 "Our investigation of the javascript that was added by the attacker leads us to believe that this attack was opportunistic because of the S3 bucket's misconfiguration. We believe that the attack was designed to serve malicious advertising to users on mobile devices," said Twilio to The Register as a response to the incident. It also says, "If you downloaded a copy of v1.20 of the TaskRouter JS SDK between July 19th, 2020 1:12 PM and July 20th, 10:30 PM PDT (UTC-07:00), you should re-download the SDK immediately and replace the old version with the one we currently serve."

Hundreds of millions of Facebook users data exposed on Amazon cloud servers




Security researchers have found a large data trove exposed  to public on Amazon's cloud computing servers.

The security experts at a cybersecurity firm, UpGuard found two separate sets of Facebook user data on public Amazon cloud servers, the firm wrote a detail blogpost. 

One of the dataset that was exposed belonged to the Mexican media company Cultura Colectiva, which contained more than 540m records, including likes, comments, reactions, Facebook IDs, account names, etc. While, the other set belonged to a defunct Facebook app named ‘At the Pool’, which was significantly smaller, but contained plaintext passwords for 22,000 users.

‘’The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers,’’ the blogpost.

‘’Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak,’’ it further added.

However, Facebook has launched an investigation into the matter, but they do not the nature of the data, how it was collected or why it was stored on public servers. The company said it will inform users once they will find evidence that the data was misused.