Home Hacking News Pocket iNET ISP Exposed 73GB of Sensitive Data On Misconfigured S3 Bucket
Hacking NewsLatest Cyber Security News | Network Security HackingNews

Pocket iNET ISP Exposed 73GB of Sensitive Data On Misconfigured S3 Bucket

by Abeerah Hashim
written by Abeerah Hashim
data leak of 80 million US households

Here comes another report of a massive data leak via a misconfigured Amazon S3 bucket. This time, it is the Washington-based ISP Pocket iNET that allegedly exposed a large chunk of sensitive data on the leaky bucket. Fortunately, the cybersecurity firm UpGuard spotted the flaw before a malicious hacker could exploit it.

Pocket iNET Leaked Sensitive Data On Misconfigured S3 Bucket

Researchers from UpGuard have discovered another instance of data leakage via Amazon S3 bucket. The leaky bucket belonged to Pocket iNET – a Washington based internet service provider – that left sensitive data of the firm’s employees and internal details exposed online.

Reportedly, the Cyber Risk team of UpGuard found a publicly accessible S3 bucket “pinapp2” on October 11, 2018, that contained 73 GB of data. Upon further analysis, the researchers found the data included sensitive details such as passwords, AWS secret keys, and the company’s internal data. As disclosed by UpGuard in their breach report,

Among the data exposed were lists of plain text passwords and AWS secret keys for Pocket iNet employees, internal network diagramming, configuration details, and inventory lists, and photographs of Pocket iNet equipment, including routers, cabling, and towers.

Pocket iNET ISP Confirmed Exposure Of Partial Data

UpGuard reveals in their report that they did not find the entire data downloadable by the public. Rather, it was a single folder that anyone could download.

Although the “pinapp2” bucket itself was exposed to the internet, not all of the bucket contents were downloadable… In the case of Pocket iNet, a folder called “tech” was left downloadable within the bucket. This folder contained sensitive information.

Later, in their statement, the ISP also confirmed that a single folder was inadvertently exposed to the public. However, it contained old data. They further confirm that they have resolved the issue.

Unfortunately, a single folder of PocketiNet’s network operation historical data (non-customer) was publicly accessible to Amazon administrative users… It has since been secured.

According to UpGuard, the firm fixed the problem on October 19, 2018, after which, they disclosed the incident.

Besides closing the leaky storage, Pocket iNET is also busy conducting a comprehensive network review to ensure that the other data remained safe. For now, they confirm that the personal and financial data of the customers remained secure.

Take your time to comment on this article.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses