Australian Broadcasting Corporation confirms S3 data leak

The government-backed broadcaster has confirmed that data from an unsecured repository was exposed.

The Australian Broadcasting Corporation (ABC) has accidentally leaked sensitive data from at least two unsecured Amazon Web Services (AWS) S3 repositories, according to Kromtech Security Center.

The government-backed broadcaster has confirmed in a statement that it was notified of the data leak on November 16, and said its technology teams acted promptly to solve the issue.

Kromtech CIO Bob Diachenko wrote in a blog post that the security firm discovered a "trove of data" connected to ABC Commercial -- the broadcaster's commercial arm that looks after the marketing and retailing of ABC products and services worldwide -- after conducting an online search of poorly set up cloud computing sites.

Exposed data included information regarding "production services and stock files that should not have been publicly available online," according to Diachenko.

The exposed files contained thousands of emails, logins, and passwords for ABC Commercial users to access content; requests for licensed content from media producers worldwide; secret access key and login details for other repositories, with advanced video content; and 1,800 daily MySQL backups "from 2015 to present".

The unsecured repositories were detected in that state just a week after AWS introduced new S3 encryption and security features for users, Diachenko noted.

"Security can not be ignored anymore and it is not just an organization's reputation but the real data of customers, partners, or vital business information that is at stake with each new data breach," Diachenko wrote.

This is not the first time the ABC has accidentally exposed sensitive data. Back in 2010, it sent an email to players of its augmented reality game Bluebird, saying that their names, email addresses, and passwords were available for download via an archive for almost a month.

In 2013, ABC's website was also hacked deliberately by an individual who went by the handle 'Phr0zenMyst', which led to the details of 50,000 users being exposed online, such as usernames, email addresses, and password hashes.

ZDNet has reached out to the ABC to learn whether users whose information was exposed were notified of the leak, and the steps the broadcaster has taken since learning of the unsecured repositories.
