3TB of sensitive info in Amazon S3 bucket exposed

The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.

A misconfigured Amazon S3 bucket resulted in 3TB of airport information (over 1.5 million files) being publicly accessible, open, and without an authentication requirement for access, highlighting the dangers of unsecured cloud infrastructure within the travel sector.

Airport security protects the lives of travelers and airport staff. As such, this breach is extremely dangerous with potentially devastating consequences should the bucket’s content end up in the wrong hands.

The exposed data included employee personal identification information (PII) and other sensitive company data affecting at least four airports in Colombia and Peru.

The PII ranged from photos of airline employees and national ID cards — which could present a serious threat if leveraged by terrorist groups or criminal organizations — to information about planes, fuel lines, and GPS map coordinates.

The bucket which now secured, contained information dating back to 2018, the report says, noting Android mobile apps also were contained within buckets, which security personnel tap to help with incident reporting and data handling.

In the same time, a 12,500-student community college in California has been hit by a hacker attack that brought down the school’s online services and campus phone lines.