Open AWS S3 Bucket Leaks Hotel Booking Service Data

Now, admittedly, this is on a much smaller scale, but a data leak is a data leak! And this one, again, involves an open AWS S3 bucket. The misconfigured bucket was leaking corporate data.

This was found by researchers over at Kromtech Security Center, who found that hotel booking service Groupize was leaking sensitive information.

The discovery has actually led to a spat between the two parties, with Groupize quickly locking things down on its cloud server, and actually denying that anything sensitive leaked. Even as the researchers claim that several folders, and nearly 3,000 documents were left out in the open.

These detailed contracts and agreements between hotels, customers, and Groupize, and also included credit card payment authorization forms, with full expiration dates and CVV codes.

There was a leads folder, with more than 3,000 spreadsheets, and another folder with over 32,000 menus, images, and more.

Very specific, all this.

Kromtech first notified Groupize on August 9, and the AWS S3 bucket was locked down on August 15.

These AWS S3 leaks have rather become the flavor of the year, with customer configuration blunders coming into the spotlight every few weeks, many of them high-profile. Verizon leaked 14 million customer records, while Dow Jones and ES&S, a voting machine suppler, were also in the news.

For all the wrong reasons!

Amazon, for its part, has been sending emails to notify these users, and has also unveiled its patrol bot service called Macie that helps identify and shut down unsecure corporate data repositories.