Pocket iNET ISP Exposed 73GB of Sensitive Data On Misconfigured S3 Bucket

  • 125
  •  
  •  
  •  
  •  
  •  
  •  
    125
    Shares

Here comes another report of a massive data leak via a misconfigured Amazon S3 bucket. This time, it is the Washington-based ISP Pocket iNET that allegedly exposed a large chunk of sensitive data on the leaky bucket. Fortunately, the cybersecurity firm UpGuard spotted the flaw before a malicious hacker could exploit it.

Pocket iNET Leaked Sensitive Data On Misconfigured S3 Bucket

Researchers from UpGuard have discovered another instance of data leakage via Amazon S3 bucket. The leaky bucket belonged to Pocket iNET – a Washington based internet service provider – that left sensitive data of the firm’s employees and internal details exposed online.

Reportedly, the Cyber Risk team of UpGuard found a publicly accessible S3 bucket “pinapp2” on October 11, 2018, that contained 73 GB of data. Upon further analysis, the researchers found the data included sensitive details such as passwords, AWS secret keys, and the company’s internal data. As disclosed by UpGuard in their breach report,

Among the data exposed were lists of plain text passwords and AWS secret keys for Pocket iNet employees, internal network diagramming, configuration details, and inventory lists, and photographs of Pocket iNet equipment, including routers, cabling, and towers.

Pocket iNET ISP Confirmed Exposure Of Partial Data

UpGuard reveals in their report that they did not find the entire data downloadable by the public. Rather, it was a single folder that anyone could download.

Although the “pinapp2” bucket itself was exposed to the internet, not all of the bucket contents were downloadable… In the case of Pocket iNet, a folder called “tech” was left downloadable within the bucket. This folder contained sensitive information.

Later, in their statement, the ISP also confirmed that a single folder was inadvertently exposed to the public. However, it contained old data. They further confirm that they have resolved the issue.

Unfortunately, a single folder of PocketiNet’s network operation historical data (non-customer) was publicly accessible to Amazon administrative users… It has since been secured.

According to UpGuard, the firm fixed the problem on October 19, 2018, after which, they disclosed the incident.

Besides closing the leaky storage, Pocket iNET is also busy conducting a comprehensive network review to ensure that the other data remained safe. For now, they confirm that the personal and financial data of the customers remained secure.

Take your time to comment on this article.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!