Skip to content
This repository has been archived by the owner on Apr 14, 2021. It is now read-only.

pbnj/YAS3BL

Repository files navigation

YAS3BL (Yet Another S3 Bucket Leak)

🔓 Enumerating all the AWS S3 bucket leaks that have been discovered to date.

Company Link Records Exposed Data

211 LA County

🔗 3.2 million Files include access credentials for 211 system operators, email addresses for contacts and registered resources of LA County 211, and detailed call notes, including full names, phone numbers, addresses, and even 33,000 instances of full Social Security numbers.

Accenture

🔗 137+ GB 4 S3 buckets exposing secret API data, authentication credentials, 40,000 plaintext passwords, credentials for GCP and Azure accounts, SSL certificates, private decryption keys, production VPN keys for internal/private networks, database dumps, user IP addresses, JSESSION IDs.

AgentRun

🔗 Names, addresses, dates of birth, phone numbers, income ranges, social security numbers (SSNs), driver licenses, armed forces and voter identification cards, bank checks, insurance policy documents, health and medical information (e.g. prescriptions and dosages), and some financial data. Insurance companies found in the data included Cigna, TransAmerica, SafeCo, Schneider Insurance, Manhattan Life, Everest - to name a few.

Alliance Direct Lending Corporation

🔗 1 million Names, addresses, credit scores and partial Social Security numbers

Alteryx

🔗 123 million Data sets belonging to Experian and US Census Bureau, containing personal details of 198 million American voters and 123 million American household PII data such as home addresses, contact information, morgage ownership, financial histories, and purchasing behaviors.

Australian Broadcasting Company

🔗 50,000 Personal data of Australian employees of several government agencies, banks, and a utility company, including full names, passwords, IDs, phone numbers, email addresses, credit card numbers, salaries and expenses.

Booz Allen Hamilton

🔗 Undisclosed Top Secret data from DoD, Pentagon, and National Geospatial Intelligence Agency (NGA), SSH keys, credentials granting access to data center Operating System

DeepRoot Analytics

🔗 200 million 1.1 Terabytes worth of data on registered voters

Department of Defense

🔗 1.8 billion Three (3) S3 buckets containing 1.8 billion posts of scraped internet content over the last 8 years.

Dow Jones

🔗 2.2 - 4 million Names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications

ES&S

🔗 1.8 million Chicago voter names, addresses, date-of-births, partial SSNs, Driver Licenses, and state ID numbers

Fedex

🔗 119,000 Scanned documents of US and international citizens, such as passports, driver licenses, security IDs, home addresses, phone numbers, zip codes

Groupize

🔗 38,000 Credit Card numbers, expiration dates, CVV codes

Honda

🔗 50,000 Names, phone numbers and email addresses for users and their trusted contacts, passwords, gender, information about their cars including VIN, Connect IDs.

MBM Company Inc.

🔗 1.3 million Names, addresses, zip codes, phone numbers, email addresses, ip addresses, plaintext passwords

Mexico's Electoral Authority (INE)

🔗 93.4 million Mexican voter registration data

National Credit Federation

🔗 111 GB Internal personal and financial data of tens of thousands of customers.

NSA

🔗 47 files Highly sensitive INSCOM data. Some data was 'NOFORN' classified, indicating high sensitivity that cannot be shared with foreign allies

Octoly

🔗 12,000 A database backup, called octoly_production.sql, exposed real names, addresses, phone numbers, email addresses, birth dates of thousands of influential online personalities (Instagram, Twitter, and YouTube personalities), like Dior, Lancome, and Blizzard Entertainment

Patient Home Monitoring

🔗 316,363 47.5 GB PDF medical records containing weekly blood test results, patient names, addresses, and phone numbers. Development server backups. Doctor's names, case management notes, and additional client information.

SVR Tracking

🔗 540,642 Tracking unit information including usernames, passwords, emails, Vehicle Identification Numbers, license plate numbers, IMEI numbers of GPS devices, specific location where the tracking units were hidden, information on customers and 427 dealerships, 116 GB of hourly backups, 8.5 GB of daily backups from 2017, and 339 log documents

TigerSwan

🔗 9,402 Resumes of Top Secret US military veterans names, addresses, phones, emails, Driver License numbers, passport numbers, partial SSNs

Time Warner/BroadSoft

🔗 4 million 600 GB worth of data including usernames, emails addresses, MAC addresses, device serial numbers, and financial transaction information

Verizon

🔗 14 million Verizon customer names, addresses, account details, and Personal Identification Numbers (PIN)

Verizon

🔗 100 MB Data from internal Verizon Wireless system (DVS), 129 Outlook messages, logs, server names & info, admin usernames & passwords

Viacom

🔗 72 files Encrypted compressed archives containing backup of company's IT infrastructure and private GPG keys used to encrypt the compressed archives

WWE

🔗 3,065,805 Fans names, physical addresses, email addresses, earnings, ethnicity, children’s age ranges, birthdates and additional personally identifiable information