Another day, another AWS Bucket exposed to the public – This time the AWS Bucket belonged to Birst.
The Cyber Risk Team at Cloud security firm UpGuard have discovered a massive trove of data exposed due to an unprotected Amazon Web Services (AWS) S3 bucket. The database belonged to Birst, a Cloud Business Intelligence (BI) and Analytics firm.
The exposed database contained 50.4 GB worth of data of one of Birst’s users Capital One, a McLean, Virginia based financial services giant and eighth-largest commercial bank in the United States. The leaked data contained technical information on Birst appliance specially configured for Capital One’s cyberinfrastructure.
According to the official blog post from UpGuard, the data also contained passwords, administrative access credentials and private keys for use within Capital One systems by an on-premise Birst cloud environment. The exposed data was enough to guide an attacker on how Brist appliance used by Capital One could have been compromised and to dig deeper into the company’s IT system.
The data was discovered on January 15th, 2018 by Chris Vickery, Director of Cyber Risk Research at UpGuard and located at the subdomain “capitalone-appliance” and allowing anyone to access.
One of the files identified by Vickery was labeled “Client.key” carrying encryption key to decrypt data. However, the key was stored with the encrypted appliance which could have allowed hackers to decrypt the encrypted appliance. This is like leaving the key and its lock in public”, explained Vickery.
Furthermore, Vickery claimed to identify usernames and their hashed password used by the company in the database for the appliance.
“Taken in full, the exposed Birst appliance provides a roadmap of where attackers would want to focus their energies in seeking to compromise Capital One’s wider systems. Of greatest interest are the locations of the ports connecting the Birst appliance with the other services that would feed its business intelligence dashboards,” said Vickery.
To read the original article: