Pocket iNET ISP Exposed 73GB of Sensitive Data On Misconfigured S3 Bucket

Here comes another report of a massive data leak via a misconfigured Amazon S3 bucket. This time, it is the Washington-based ISP Pocket iNET that allegedly exposed a large chunk of sensitive data on the leaky bucket. Fortunately, the cybersecurity firm UpGuard spotted the flaw before a malicious hacker could exploit it.

Pocket iNET Leaked Sensitive Data On Misconfigured S3 Bucket

Researchers from UpGuard have discovered another instance of data leakage via Amazon S3 bucket. The leaky bucket belonged to Pocket iNET – a Washington based internet service provider – that left sensitive data of the firm’s employees and internal details exposed online.

Reportedly, the Cyber Risk team of UpGuard found a publicly accessible S3 bucket “pinapp2” on October 11, 2018, that contained 73 GB of data. Upon further analysis, the researchers found the data included sensitive details such as passwords, AWS secret keys, and the company’s internal data. As disclosed by UpGuard in their breach report,

Among the data exposed were lists of plain text passwords and AWS secret keys for Pocket iNet employees, internal network diagramming, configuration details, and inventory lists, and photographs of Pocket iNet equipment, including routers, cabling, and towers.

Pocket iNET ISP Confirmed Exposure Of Partial Data

UpGuard reveals in their report that they did not find the entire data downloadable by the public. Rather, it was a single folder that anyone could download.

Although the “pinapp2” bucket itself was exposed to the internet, not all of the bucket contents were downloadable… In the case of Pocket iNet, a folder called “tech” was left downloadable within the bucket. This folder contained sensitive information.

Later, in their statement, the ISP also confirmed that a single folder was inadvertently exposed to the public. However, it contained old data. They further confirm that they have resolved the issue.

Unfortunately, a single folder of PocketiNet’s network operation historical data (non-customer) was publicly accessible to Amazon administrative users… It has since been secured.

According to UpGuard, the firm fixed the problem on October 19, 2018, after which, they disclosed the incident.

Besides closing the leaky storage, Pocket iNET is also busy conducting a comprehensive network review to ensure that the other data remained safe. For now, they confirm that the personal and financial data of the customers remained secure.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients