The Daily Swig Web security digest

Australian broadcaster linked to commercial data breach

James Walker | 20 November 2017 at 12:40

Securing your S3 buckets… easy as ABC?

Just one week after Amazon introduced new encryption and security features for its popular S3 cloud storage solution, the Kromtech Security Center has discovered at least two unsecured repositories that appear to belong to the Australian Broadcasting Corporation (ABC).

A trove of data found on November 14 was apparently linked to ABC’s commercial division, which provides content marketing, distribution, and a wide range of digital services to customers around the world.

According to Kromtech, the publicly accessible S3 buckets included “several thousand” emails, logins, and hashed passwords.

The repositories also included requests for licensed ABC content from global television and media producers, secret access key and login details for a separate video content repository, and 1,800 daily MySQL database backups from 2015 to present.

While Kromtech said it immediately sent notification emails to the database owners, who secured the S3 repositories “within minutes”, the researchers said it was unclear who else may have had access to the company’s data or content.

Founded in 1929, ABC is Australia’s national broadcaster. The state-owned company operates a mixed taxpayer-funded and for-profit business model similar to that of the BBC.

This is not the first data breach ABC has suffered in recent years. In 2013 it was reported that the company’s website was hacked, exposing the personal details of around 50,000 users.

“Security cannot be ignored anymore, and it is not just an organization's reputation but the real data of customers, partners, or vital business information that is at stake with each new data breach,” said Kromtech’s head of communications, Bob Diachenko.