Exposure of airport employee records – A story of accidental misconfiguration


In a stark reminder of how much depends on basic cloud hygiene, Securitas, a multinational security services company based in Stockholm, inadvertently exposed over 3TB of sensitive data (more than 1.5 million files). The data belonged to its airport clients in Colombia and Peru, dates back to 2018, and includes personal information about employees working at these airports.

The Breach: How Misconfigured S3 Buckets Led to Data Exposure

The exposure involved an AWS S3 bucket. S3 is a widely used, reliable, and scalable cloud object storage service that holds files of every kind; the following illustration gives a quick glimpse of the files commonly stored in an S3 bucket.

However, in this case, a simple misconfiguration of the bucket led to a massive data exposure. This article walks through the exposure in plain language, with illustrations, and closes with guidelines for detecting this class of misconfiguration.

What happened?

An AWS S3 bucket belonging to Securitas, containing personal information on airport workers, was found in 2021 to be misconfigured so that its contents were publicly accessible. This most likely came from human error; nothing indicates that a threat actor caused the misconfiguration. SafetyDetective’s cybersecurity team discovered the exposure in October 2021, and Securitas fixed the issue in November 2021.

While there were no reports of a breach or of the exposed data appearing on the dark web, how long the bucket had been open remains unknown. Over an extended exposure period, a malicious actor could have quietly copied large amounts of sensitive data.

The Risks of Misconfiguration

Misconfigured cloud storage can lead to unintended data exposure, potentially giving unauthorized users access to sensitive information. In the case of Securitas, the exposed data included highly sensitive personal details of airport employees, which could have been exploited by malicious actors had they discovered the vulnerability.

Detection and Prevention: How to Safeguard Against Misconfigurations

Misconfigurations like this one leave a detectable trail. Every change to a bucket’s access settings is an S3 API call that AWS CloudTrail records as a management event, so an administrator (or a stolen credential) opening a bucket to the public can be caught by:

Alerting on bucket-level events that grant public access: PutBucketAcl with a public-read or public-read-write canned ACL, or a grant to the AllUsers or AuthenticatedUsers group; PutBucketPolicy with an Allow statement whose Principal is “*” and that carries no Condition; and PutBucketPublicAccessBlock or DeleteBucketPublicAccessBlock that switch off any of the four Block Public Access settings.
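Detection logic for the events listed above, as an added example written for this article (it is not InsiderSecurity’s or AWS’s code). It runs over constructed CloudTrail-style records; the requestParameters layout is an approximation of what CloudTrail logs for these calls, and the bucket name, account ID and ARNs are made up.

```python
"""Flag CloudTrail S3 management events that open a bucket to the public.

Added example for this article. The records in SAMPLE_RECORDS are constructed
approximations of CloudTrail's requestParameters layout, not captured logs.
"""
import json

# Group grantees that make an ACL readable by everyone (or by any AWS account).
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def _principals(stmt):
    """Normalise a policy statement's Principal to a list of strings."""
    p = stmt.get("Principal")
    if isinstance(p, str):
        return [p]
    if isinstance(p, dict):
        aws = p.get("AWS", [])
        return aws if isinstance(aws, list) else [aws]
    return []


def policy_is_public(policy):
    """True if an Allow statement grants to "*" with no Condition attached."""
    if isinstance(policy, str):  # tolerate the policy arriving as a JSON string
        policy = json.loads(policy)
    for stmt in policy.get("Statement", []):
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and "*" in _principals(stmt)):
            return True
    return False


def acl_is_public(params):
    """True if a PutBucketAcl request used a public canned ACL or public grantee."""
    canned = params.get("x-amz-acl", [])
    if isinstance(canned, str):
        canned = [canned]
    if any(a in PUBLIC_CANNED_ACLS for a in canned):
        return True
    grants = (params.get("AccessControlPolicy", {})
              .get("AccessControlList", {}).get("Grant", []))
    if isinstance(grants, dict):
        grants = [grants]
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES for g in grants)


def classify_event(event):
    """Return a finding string if this record makes a bucket public, else None."""
    if event.get("eventSource") != "s3.amazonaws.com":
        return None
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    bucket = params.get("bucketName", "<unknown>")
    actor = event.get("userIdentity", {}).get("arn", "<unknown>")
    if name == "PutBucketAcl" and acl_is_public(params):
        return f"{bucket}: ACL grants public access (by {actor})"
    if name == "PutBucketPolicy" and policy_is_public(params.get("bucketPolicy") or {}):
        return f"{bucket}: bucket policy allows Principal * (by {actor})"
    if name == "DeleteBucketPublicAccessBlock":
        return f"{bucket}: Block Public Access removed (by {actor})"
    if name == "PutBucketPublicAccessBlock":
        cfg = params.get("PublicAccessBlockConfiguration") or {}
        off = [k for k in PAB_KEYS if not cfg.get(k, False)]
        if off:
            return f"{bucket}: Block Public Access weakened, {', '.join(off)} off (by {actor})"
    return None


def scan(records):
    """Run classify_event over CloudTrail records and return the findings."""
    return [f for f in map(classify_event, records) if f]


# Constructed sample events (hypothetical account, bucket and ARNs).
ADMIN = {"arn": "arn:aws:iam::123456789012:user/admin"}
S3 = "s3.amazonaws.com"
SAMPLE_RECORDS = [
    {"eventSource": S3, "eventName": "PutBucketAcl", "userIdentity": ADMIN,
     "requestParameters": {"bucketName": "airport-hr-files", "x-amz-acl": ["public-read"]}},
    {"eventSource": S3, "eventName": "PutBucketAcl", "userIdentity": ADMIN,
     "requestParameters": {"bucketName": "airport-hr-files", "x-amz-acl": ["private"]}},
    {"eventSource": S3, "eventName": "PutBucketPolicy", "userIdentity": ADMIN,
     "requestParameters": {"bucketName": "airport-hr-files", "bucketPolicy": {
         "Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::airport-hr-files/*"}]}}},
    {"eventSource": S3, "eventName": "PutBucketPolicy", "userIdentity": ADMIN,
     "requestParameters": {"bucketName": "airport-hr-files", "bucketPolicy": {
         "Version": "2012-10-17", "Statement": [{"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/hr-app"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::airport-hr-files/*"}]}}},
    {"eventSource": S3, "eventName": "DeleteBucketPublicAccessBlock",
     "userIdentity": ADMIN, "requestParameters": {"bucketName": "airport-hr-files"}},
    {"eventSource": S3, "eventName": "GetObject", "userIdentity": ADMIN,
     "requestParameters": {"bucketName": "airport-hr-files", "key": "payroll/2018.csv"}},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_RECORDS):
        print(finding)
```

Three of the six sample records produce a finding: the public-read ACL, the policy with Principal “*”, and the removal of Block Public Access. The private ACL, the policy scoped to a specific role, and the plain GetObject are ignored. In production the same logic sits behind an EventBridge rule or a SIEM query over the CloudTrail log stream rather than a list literal, and a statement with Principal “*” that is restricted by a Condition (a VPC endpoint or source IP) is deliberately not flagged here; treat that as a tuning choice, not a guarantee.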

Instead of relying on good Samaritans to discover these exposures, organizations must take active steps to secure and monitor their cloud infrastructure. Keeping S3 Block Public Access enabled at the account level means a stray ACL or bucket policy cannot take effect, and alerting on the events above catches the attempt the moment it happens, minimizing the risk of accidental data exposure due to human error.

Staying ahead of cyber threats

Innovative solutions by InsiderSecurity

Looking for ways to stay ahead of any cyber threats? InsiderSecurity provides advanced cybersecurity behavior analytics products that help your company to uncover cyber threats before there is any serious data loss. We offer a range of solutions, including Automated UEBA for securing on-premise and cloud IT infrastructure, as well as the CSX for ensuring cloud data security.

CSX is designed to detect misconfigurations and attacks such as the one described in this article, making it an essential subscription for any organization serious about its cybersecurity posture. Beyond detecting threats, CSX offers recommendations and a user-friendly avenue for executing remedial actions and implementing mitigation strategies.

CSX provides an easy way to perform mitigation and remediation.

Conclusion

The Securitas data exposure incident serves as a sobering reminder of the potential consequences of cloud misconfigurations. As cloud storage becomes increasingly integral to business operations, ensuring the security of these systems is paramount. By implementing robust detection strategies and continuously monitoring cloud configurations, organizations can protect their digital assets and avoid the costly consequences of data breaches.
