A hole in an Amazon S3 bucket has left 50,000 private and public sector workers in Australia exposed online. While the data breach has now been rectified, it’s still not clear whether any private and sensitive information has fallen into malicious hands.
It appears that a third party contractor left the misconfigured Amazon cloud storage facility exposed, allowing access to IDs, passwords, phone numbers, addresses, credit card info and salary details. Worst hit were Aussie financial services companies AMP and Rabobank, followed by engineering business UGL, the Department of Finance, the Electoral Commission and the National Disability Insurance Agency.
The Australian Cyber Security Centre has moved swiftly to sort out the problem and to install protective measures.