Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io
Cloud Threat Landscape

Capita data leak

Type
Research
Actors
Pub. date
May 5, 2023
Initial access
Cloud native misconfig
Impact
None
References
https://techcrunch.com/2023/05/05/security-researcher-finds-trove-of-capita-data-exposed-online/https://doublepulsar.com/capitas-standard-industry-practice-633gb-open-cloud-storage-5d87e7e96a70
Status
Finalized
Last edited
Jun 2, 2024 8:02 AM

UK outsourcing company Capita exposed sensitive data in a public S3 bucket with no password protection for seven years (since 2016). The bucket contained approximately 3,000 files totaling 655GB - including documents, software, cleartext secrets, server images and more - and was discovered by a security researcher.

Made with 💙 by Wiz

Last Updated: April 3, 2025