Another company has leaked millions of customer records. This time, however, hackers weren’t to blame. Rather, a company partnering with Verizon placed these records in a publicly available Amazon AWS S3 bucket, where anyone with the right URL could access them. Sometimes, simple misconfigurations create huge security problems. Watch the video below for a few more details about this incident (as well as a special message).
Episode Runtime: 2:35
Direct YouTube Link: https://www.youtube.com/watch?v=juZ-CJg2F-g
EPISODE REFERENCES:
- Partner exposes millions of Verizon accounts – Upguard
- Exposed Verizon data may help in other hacks – Help Net Security
- Verizon leak exposes 14 million records – Geekwire
Corey Nachreiner, CISSP (@SecAdept)
Greg says
What is CrimsonThorn?
Corey Nachreiner says
You can see a blurb on our main company page (https://www.watchguard.com/) for a bit more, but in short, it is the entry point for a puzzle challenge/contest we are doing at Blackhat Las Vegas this year. I will post a video with more detail on it next week. If you are coming to Blackhat, starting the puzzle will give you a head start to winning the contest. If you aren’t, it’s still a fun challenge, and something we will likely expand on for non-Blackhat attendees in the future.
Greg says
Funny, it got me all suspicious and I wouldn’t even go to the link until I could fire up my VM and do it in there after I took a snapshot.
Corey Nachreiner says
That is probably a good instinct to have… In general, you never know how ppl will phish. Plus, the page requires javascript (in order for our terminal emulator to work), which could also make you suspicious. So always good to have some suspicion. That said, don’t worry. It is a legit page made by my team for this puzzle contest / alternate reality game. ^_^