Type
Research
Actors
Pub. date
May 5, 2023
Initial access
Cloud native misconfig
Impact
None
References
Status
Finalized
Last edited
Jun 2, 2024 8:02 AM
UK outsourcing company Capita exposed sensitive data in a public S3 bucket with no password protection for seven years (since 2016). The bucket contained approximately 3,000 files totaling 655GB - including documents, software, cleartext secrets, server images and more - and was discovered by a security researcher.