ABC Confirms AWS S3 Data Leak

Security Unlocked

Here we go again! Australian Broadcasting Corporation, better known as ABC, is the latest organization to confirm a data leak when an unsecured AWS S3 repository was exposed.

It resulted in passwords and videos making their way out.

Advance video content and years of backups were hosted in the cloud, which security outfit Kromtech revealed, along with the details that it was connected to ABC Commercial, the licensing and merchandising wing of the broadcaster.

ABC Logo

The treasure trove included production services, and stock files that should have not been publicly available, along with some 1,800 daily MySQL database backups from 2015 to present.

These backups and other data housed in the buckets included details like thousands of emails, logins, and hashed passwords for ABC Commercial users to access the ABC content — including details of users that are well known members of the media.

Requests for licensed content sent by TV and media producers from across the globe to use ABC content and pay royalties. AS well as secret access key and login details for another repository that housed advance video content.

In other words, this was bad.

The government backed broadcaster confirmed in a statement that it was notified of the data leak on November 16, saying that its technology teams acted promptly to solve the issue.

What’s even more interesting is that these unsecure repositories were detected in this state, barely a week after AWS introduced new S3 encryption and security features for users.

And to top it all off, this is not the first time ABC has accidentally exposed sensitive data. Back in 2010 it sent an email to players of its augmented reality game Bluebird with their personal details, and a 2013 hack of its website led to the information of some 50,000 users being exposed online.

It’s almost like they don’t even know the ABC of security.

Sorry, just had to go there!