Type
Research
Actors
Pub. date
May 5, 2023
Initial access
Cloud native misconfig
Impact
None
References
https://techcrunch.com/2023/05/05/security-researcher-finds-trove-of-capita-data-exposed-online/https://doublepulsar.com/capitas-standard-industry-practice-633gb-open-cloud-storage-5d87e7e96a70
Status
Finalized
Last edited
Jun 2, 2024 8:02 AM
UK outsourcing company Capita exposed sensitive data in a public S3 bucket with no password protection for seven years (since 2016). The bucket contained approximately 3,000 files totaling 655GB - including documents, software, cleartext secrets, server images and more - and was discovered by a security researcher.