Amazon Engineer Exposed Sensitive Data And Secret Access Key On GitHub

Amazon Engineer leaks Amazon credentials, AWS keys and sensitive data
California-based cyber resiliency firm UpGuard has recently discovered a wide-open GitHub repository with data from an Amazon Web Services engineer containing personal identity documents and system credentials including passwords, AWS key pairs, and private keys.

The size of exposed data was about 954 MB (zipped) containing many sensitive data, many files in the top level directory and no clear convention for the subdirectories.
It also contains AWS resource templates and log files, some of which included enough mentions of hostnames to identify likely AWS customers being assisted by the engineer. Some evidence point out the data were  generated throughout the second half of 2019.

Furthermore, UpGuard found that Several documents contained access keys for various cloud services. There were multiple AWS key pairs including one named “rootkey.csv,” suggesting it provided root access to the user’s AWS account. Other files contained collections of auth tokens and API keys for third party providers. One such file for an insurance company included keys for messaging and email providers.

On the post UpGuard noted -
some of the private keys were clearly labeled as “mock” or “test,” others were not, and included words like “kube,” “admin,” and “cloud” that could indicate association with more privileged systems. The passwords were associated with databases hosted in AWS and mail servers.
 After so much of sensitive data, UpGuard never used the credentials nor they dig deeper for further internal systems data.

Details like credentials, logs, and code, the repo also contained assorted documents that established the identity of the owner and their relationship to AWS. These documents included bank statements, correspondence with AWS customers, and identity documents including a drivers license. Multiple documents included the owner’s full nam.
There were more documents in the repository included training for AWS personnel and documents marked as “Amazon Confidential.”
Read Also
Post a Comment