Oh, Chicago! Another AWS S3 configuration blunder has resulted in personal information leakage of 1.8 million voter records that were left in the open for anyone to download.
This, after a researcher with UpGuard discovered the misconfigured cloud security.
ES&S revealed that it was notified of the vulnerable database by the researcher, and that it contained personal information that was collected from the recent elections in Chicago, Illinois, including the names, addresses and dates of birth of the voters.
Partial social security numbers were also in the mix, as were driver licenses and state ID numbers.
All this data was publicly accessible for an unknown period of time.
Luckily, the Amazon Web Services server did not include any ballot information or vote totals, and was not connected to the voting or tabulation system that is in place in Chicago. The company stresses that the leak had no impact on the results of any elections.
Good to know.
The FBI has begun its own full investigation to perform thorough forensic analysis of the AWS server in question, with the agency saying that the investigation is still ongoing.
AWS for its part has begun sending warning emails to S3 bucket users that have set public permissions to their cloud implementations. But it is clear here that despite these high-profile leaks, not everyone is taking cloud security as seriously as they should.
Do you agree?