The Australian Broadcasting Corporation has leaked data online through two improperly secured Amazon Web Services S3 repositories, according to the Kromtech Security Centre.
Researchers from the centre, which is part of MacKeeper Security, said they had found data connected to ABC Commercial, an ABC division that earns revenue for the broadcaster through retail and content sales and publishing.
The visible material included information about production services and stock files, not material that should be available to world+dog.
Kromtech said this was not the first time that the ABC had suffered a data breach, with the corporation's website having been hacked in 2013. At that time, the details of about 50,000 users were leaked online, including usernames, email addresses, password hashes, and other user details.
{loadposition sam08}The current leak through AWS meant that the sysadmins at the ABC had misconfigured a repository and provided access to anyone with a browser who knew the URL.
A redacted screenshot of one of the user tables in MySQL database back-ups on the exposed repository, all publicly available.
Ironically, news of the ABC leak comes just a week after Amazon launched new S3 encryption and security features.
In the past, misconfigured S3 buckets have been found to be leaking data from global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, and a contractor for the US National Republican Committee.
The Kromtech researchers said they had launched an S3 inspector tool a month ago to help IT administrators to check AWS S3 buckets for security. "It’s been more than a year since we at Kromtech Security started alerting businesses and communities on dangers of having public access to S3 repositories," they said.
The leak contained the following, according to the researchers:
- Several thousands emails, logins, hashed passwords for ABC Commercial users to access the ABC content (these include users who are well known members of the media);
- Requests for licensed content as sent by TV and media producers from all over the world to use ABC’s content and pay royalties.
- Secret access key and login details for another repository, with advance video content; and
- 1800 daily MySQL database backups from 2015 to the present.
Kromtech said that the S3 bucket was indexed by Censys, a public search engine that allows researchers to query hosts and networks, and identified during a regular security audit of misconfigured S3 environment on 14 November.
Bob Diachenko, head of Communications at Kromtech, commented: “Security can not be ignored any more and and it is not just an organisation's reputation but the real data of customers, partners, or vital business information that is at stake with each new data breach."
Asked for comment, an ABC spokesman confirmed to iTWire that it had been notified of a data exposure on 16 November. "ABC technology teams moved to solve this issue as soon as they became aware," the spokesman added. The same information has also been posted on the ABC website.
Screenshot: courtesy Kromtech Security Centre