Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Exposed records. Show all posts

Civicom Data Breach Disclosed 8TB of Files

 

Civicom, a New York City-based company that provides audio, online videoconferencing, and market analysis services, has been discovered to be giving its customers access to a goldmine of personal and sensitive data. 

Civicom excels in virtual meetings over the internet, and the files contain audio and video recordings of private customer sessions. Unfortunately, the S3 bucket was left open to the public with no password or security verification, allowing everyone with knowledge on how to discover damaged databases to access the data.

"The greatest audio and web conferencing services on the world, webinar services, global marketing research services, top transcription/CRM entry provider, general transcription service and more online jury trials." according to the company's Homepage. 

It was caused by a misconfigured AWS S3 bucket, rather than attackers intentionally hacking into the system, as is usual of this type of data breach. There were four different datasets exposed as listed below:

  • Conferences on video.
  • Highlights that have been clipped. 
  • Recordings on audio.
  • Transcripts of Audio. 

Countless hours of video and audio recordings, as well as hundreds of written transcripts, reveal Civicom's clients' private chats. Several businesses are likely to have discussed the following topics during these discussions: 
  • Sensitive business information (perhaps includes market research calls). 
  • Confidential information. 
  • Properties of the mind. 
It is worth noting that a number of client companies have employees whose personal information is visible on the bucket. Employees of Civicom clients' PII which have been exposed include complete names and photos of the faces and bodies of staff. At the time of the event, the bucket was active and being updated, and it had been active since February 2018. The management of Civicom's bucket is not Amazon's responsibility, therefore this data leak is not Amazon's fault. 

Civicom exposed 8 gigabytes of records containing more than 100,000 files, according to the Website Planet Security Team, which discovered the database. This was due to one of Civicom's unencrypted Amazon S3 buckets. The AWS S3 bucket has been active since 2018, according to the Website Planet Security Team. 

On October 28th, 2021, the researchers discovered the vulnerability and notified Civicom of the situation on October 30th, 2021.  After three months, Civicom replied to Website Planet and retrieved the bucket on January 26th, 2022. Nonetheless, the good news is, the bucket is not accessible to the general public.

Docker Hub hack exposes sensitive data of 190,000 users

                                                                   

An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. Docker says the hacker had access to this database only for a short moment and the data accessed is only five percent of Docker Hub's entire userbase.

This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories used for Docker autobuilds.

GitHub and Bitbucket access tokens stored in Docker Hub allow developers to modify their project's code and have it automatically build, or autobuild, the image on Docker Hub. If a third-party gains access to these tokens, though, it would allow them to gain access to a private repositories code and possibly modify it depending on the permissions stored in the token.

Docker Hub lost keys and tokens which could have downstream effects if hackers used them to access source code at big companies.

Docker Hub is the official repository for Docker container images. It makes software tools for programmers and developers.

According to a security notice sent late Friday night, Docker became aware of unauthorized access to a Docker Hub database on April 25th, 2019.

Docker disclosed the breach in an email to customers and users of Docker Hub, its cloud-based service that’s used by several companies and thousands of developers all over the world. In the email, obtained by Motherboard, Docker said that the stolen data includes “usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

"On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data," said Kent Lamb, Director of Docker Support.

Experts Motherboard spoke to said that, in a worst-case scenario, the hackers would have been able to access proprietary source code from some of those accounts. Specifically, Docker allows developers to run software packages known as “containers.” It is used by some of the largest tech companies in the world, though it is not yet publicly known what information was accessed and which companies’ accounts were affected.