The exposed data was about 954 MB (zipped) and contained a large amount of sensitive data, with many files in the top-level directory and no clear convention for the subdirectories.
Furthermore, UpGuard found that several documents contained access keys for various cloud services. There were multiple AWS key pairs, including one named “rootkey.csv,” suggesting it provided root access to the user’s AWS account. Other files contained collections of auth tokens and API keys for third-party providers. One such file for an insurance company included keys for messaging and email providers.
In the post, UpGuard noted:
some of the private keys were clearly labeled as “mock” or “test,” others were not, and included words like “kube,” “admin,” and “cloud” that could indicate association with more privileged systems. The passwords were associated with databases hosted in AWS and mail servers.
Despite the amount of sensitive data, UpGuard never used the credentials, nor did they dig deeper for further internal systems data.
In addition to details like credentials, logs, and code, the repo also contained assorted documents that established the identity of the owner and their relationship to AWS. These documents included bank statements, correspondence with AWS customers, and identity documents including a driver's license. Multiple documents included the owner’s full name.
Other documents in the repository included training for AWS personnel and documents marked as “Amazon Confidential.”