"Within these files, there was a significant amount of files with sensitive financial information including card numbers and financial records. The number of files in the index from scanning totaled to 3,030,106," Vertical Structure and WhiteHat said in a summary of the bug, shared with El Reg ahead of its public distribution on Tuesday. "Vertical Structure was able to find about 13,000 spreadsheet files indexed, with 36 terabytes of data available. Unfortunately, however, this API can be accessed without any password, which is super-bad news for those facing the public internet, as many were and still are. It appears the API is provided to share files over the network, as you'd expect from a network-attached storage device. The API was eventually tracked down to an older set of Iomega NAS boxes that were, via the dodgy interface, leaving millions of files exposed to the web. Amazon's answer to all those leaky AWS S3 buckets: A dashboard warning light READ MORE
0 Comments
Leave a Reply. |