Massive US Pentagon Data Left Exposed On AWS S3

Top Secret

There are troves, and then there is this. More than 1.8 billion posts spanning eight years, many of them related to people in the US. A Pentagon contractor left a social media spy archive wide open on AWS, in what is one of the biggest data leaks of all time.

A misconfigured S3 bucket is at the center of this fiasco, as usual.

This vast archive of social media and forum posts made by users all over the world was left available on a publicly accessible Amazon Web Services account, and was discovered by UpGuard during a routine scan of open Amazon-hosted data silos.

And what’s even more interesting is the fact that the trio of buckets was not exactly hidden: they were named centcom-backup, centcom-archive, and pacom-archive.

Good grief!

Veteran security breach hunter Chris Vickery stumbled on them by accident while running a scan for the word COM in publicly accessible S3 buckets. The astounding size of this US military archive was what took him by surprise, as estimates range anywhere from dozens to hundreds of terabytes.

The database also revealed some interesting clues as to what this information is being used for.

Documents make reference to the US Government Outpost program, a social media monitoring and influencing campaign designed to target overseas youth and steer them away from terrorism.

The US Department of Defense confirmed the exposure to CNN, with the Pentagon saying that the data was accessed via unauthorized means, and that once alerted, Centcom implemented additional security measures to prevent unauthorized access.

It goes without saying that while the leak naturally raises questions about security, it is also sparking conversations about privacy and civil liberties.

Sites from which the content was scraped vary widely, with posts from Facebook and Twitter being the most prominent in this leaked collection. The archive contained everything from soccer discussions to talk about video games.

What a way to close a week!