According to cybersecurity company WizCase, more than a terabyte of data containing 5.5 million files was left exposed, revealing the personal information of more than 100,000 clients of a Colombian real estate company.
The breach was discovered by Ata Hakçıl and his team in a database held by Coninsa Ramon H, a company specializing in architecture, engineering, construction and real estate services. “There was no need for a password or login credentials to view this information, and the data was not encrypted,” the researchers said. noted in an exclusive report shared with The Hacker News.
Data exposure is the result of an improperly configured Amazon Web Services (AWS) Simple Storage Service (S3) bucket, leading to the disclosure of sensitive information such as customer names, photos, and addresses. Details stored in the compartment range from invoices and income documents to quotes and account statements from 2014 to 2021. The full list of information contained in the documents is as follows:
- Full names
- Phone numbers
- Email addresses
- Residential addresses
- The sums paid for estates, and
- Asset values
In addition, the bucket would also contain a backup of the database containing additional information such as profile pictures, usernames and hashed passwords. Disturbingly, researchers said they also found malicious backdoor code in the bucket that could be exploited to gain persistent access to the website and redirect unsuspecting visitors to scam pages.
It is not immediately clear whether these files were used by bad actors in a campaign. Coninsa Ramon H did not respond to The Hacker News email inquiries regarding the vulnerability.
“Based on viewing a sample of the documents, […] the misconfiguration revealed between $ 140 billion and $ 200 billion in transactions, or an annual transaction history of at least $ 46 billion, ”the researchers said. “In perspective, this represents around 14% of Colombia’s total economy. “
The highly confidential nature of the data in the database makes it highly susceptible to being exploited by cyber criminals to launch phishing attacks and carry out various fraud or scam activities, including tricking users into making additional payments. and, even worse, to reveal more personally identifiable information by tampering with the main infrastructure of the website.