FedEx Customer Data Exposed on Unsecured S3 Server

  /     /     /  
Publicated : 22/11/2024   Category : security


FedEx Customer Data Exposed on Unsecured S3 Server


Thousands of documents from US and international citizens were exposed on an Amazon S3 bucket configured for public access.



Data belonging to thousands of global FedEx customers was exposed on an unsecured Amazon Simple Storage Service (S3) server configured for public access, Kromtech security analysts discovered earlier this month.
The exposed bucket belonged to Bongo International LLC, a company created to help North American companies market to customers around the world. FedEx acquired Bongo in 2014. Two years later, it relaunched it as FedEx Cross-Border International, which shut down in 2017.
Although the organization was closed, data inherited from 2009-2012 remained available on the server, exposing personal identifiable information from citizens representing Canada, Japan, China, Australia, the EU, and other countries until the bucket was removed from public access this month. The server contained more than 119,000 scanned documents including passports, drivers licenses, and security IDs, in addition to scanned Applications for Delivery of Mail Through Agent forms with names, home addresses, phone numbers, and zip codes.
FedEx reports it has no evidence the data was compromised but is still investigating the matter. The company joins a growing list of organizations that have unintentionally compromised consumer data by failing to properly secure their Amazon S3 storage buckets -- a trend that continues as more businesses
move to the cloud
without taking proper security precautions.
We need to get our heads out of the clouds, because cloud services are only as secure as you make them, says Brian NeSmith, CEO and cofounder at Arctic Wolf Networks. Companies need to start applying the same rigor and discipline to their cloud infrastructure as they do to their on premises network.
On top of that, a recently discovered search engine makes it
easier
to look for data left on misconfigured S3 servers. The service, dubbed BuckHacker, lets people search by file name or bucket name, which may include the name of the business using the server.
Read more details on the FedEx leak
here
.
 
 
 Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the
conference
 and
to register.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FedEx Customer Data Exposed on Unsecured S3 Server