{"id":45084,"date":"2022-01-31T15:42:53","date_gmt":"2022-01-31T15:42:53","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33055\/Unsecured-AWS-Server-Exposed-3TB-In-Airport-Employee-Records.html"},"modified":"2022-01-31T15:42:53","modified_gmt":"2022-01-31T15:42:53","slug":"unsecured-aws-server-exposed-3tb-in-airport-employee-records","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/unsecured-aws-server-exposed-3tb-in-airport-employee-records\/","title":{"rendered":"Unsecured AWS Server Exposed 3TB In Airport Employee Records"},"content":{"rendered":"

An unsecured server has exposed sensitive data belonging to airport employees across Colombia and Peru.  <\/p>\n

\n

ZDNet Recommends<\/span> <\/h3>\n
\"The<\/span> <\/a> <\/div>\n

The best security key <\/a> <\/p>\n

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.<\/p>\n

Read More<\/a> <\/p>\n<\/p><\/div>\n

On Monday, the SafetyDetectives cybersecurity team said the server belonged to Securitas<\/a>. The Stockholm, Sweden-based company provides on-site guarding, electronic security solutions, enterprise risk management, and fire & safety services.  <\/p>\n

In a report shared with ZDNet<\/em>, SafetyDetectives<\/em> said one of Securitas’s AWS S3 buckets was not appropriately secured, exposing over one million files on the internet.  <\/p>\n

The server contained approximately 3TB of data dating back to 2018, including airport employee records. While the team was not able to examine every record in the database, four airports were named in exposed files: El Dorado International Airport (COL), Alfonso Bonilla Arag\u00f3n International Airport (COL), Jos\u00e9 Mar\u00eda C\u00f3rdova International Airport (COL), and Aeropuerto Internacional Jorge Ch\u00e1vez (PE). <\/p>\n

The misconfigured AWS bucket, which did not require any authentication to access, contained two main datasets related to Securitas and airport employees. Among the records were ID card photos, Personally identifiable information (PII), including names, photos, occupations, and national ID numbers. <\/p>\n

In addition, SafetyDetectives says that photographs of airline employees, planes, fueling lines, and luggage handling were also found in the bucket. Unstripped .EXIF data in these photographs was exfiltrated, providing the time and date the photographs were taken as well as some GPS locations.  <\/p>\n

\"screenshot-2022-01-27-at-09-34-27.png\"<\/span>