Data on 774k US children exposed due to misconfigured AWS S3

On July 13, 2022, a hacker using the alias “WeLeakDatabase” shared a file called “774k USA SCHOOL DETAILS”. While the origins of the database were unclear, the details of the leak were impressive: 2GB of data containing information on underage students from hundreds of different US schools.


The leaked .sql file contains the following data:

id, cart_id, ip_address, first_name, last_name, phone, email, address, city, state, zip_code, card_type, card_expires_on, price, created_at, updated_at, shipping_address, shipping_city, shipping_zip, shipping_state, processed, notes, school_id, posted, free, shipping_first_name, shipping_last_name, address2, shipping_address2, transaction_id, paid_with_paypal, paypal_order, address_line_2, react, school_price 

How did it happen

Roughly a week later, the hacker gave more information on the leaked file. The data belongs to shoobphoto.com, “where the student details are leaking with their clean photo and their full details.” The total number of lines is 774,179, and the total number of emails affected by this incident is 12,909,994.

The hacker clarified that the data breach happened due to a misconfigured Amazon S3 bucket.

The source says: “First this was discovered by me in March and in July it was published *** but after some time the post was taken down by me because I realized it was threats to children's lives. And now the S3 bucket is secured so no worry. Peace”

We are indeed confused by the “kindness” of the hacker behind this breach. However, the only one to blame is shoobphoto.com itself, for leaving the database open to anyone on the internet with zero protection.

Is AWS S3 a problem?

With the astonishing number of data leaks happening due to unprotected S3 buckets, the question arises naturally: is the issue in using AWS S3 itself?

Experts’ opinions fall into two opposing camps. Some strongly believe that the technology behind AWS S3 is flawed by its architecture design. The other popular opinion is that AWS S3 owners are fully responsible for the safety of the files and the access settings of the bucket.

Kaduu Team believes that many issues might have been avoided had Amazon only set the default bucket settings to private access only, so that cloud engineers or occasional users don’t expose data by accident and take time to learn more about AWS S3 security modes.
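One way a bucket owner can review the access settings discussed above, as an added example that is not from the original article or from Kaduu. It assumes the three inputs have the shapes returned by the S3 `GetPublicAccessBlock`, `GetBucketAcl` and `GetBucketPolicy` calls; the sample configurations and bucket name are constructed, since the article does not say which setting was wrong at shoobphoto.com.

```python
import json

# Group URIs that S3 ACLs use for "anyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_findings(pab, acl, policy_json):
    """Return the reasons a bucket is open to the public (empty list if none)."""
    pab = pab or {}  # no Public Access Block configured: all flags off
    findings = []
    # ACL grants to public groups apply unless IgnorePublicAcls is on.
    if not pab.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS:
                findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[1]}")
    # A public policy is neutralised for outsiders by RestrictPublicBuckets.
    if policy_json and not pab.get("RestrictPublicBuckets", False):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            principal = stmt.get("Principal")
            wildcard = principal == "*" or (
                isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
            # Simplification: any Condition is assumed to restrict access.
            if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
                findings.append(f"policy allows {stmt.get('Action')} to everyone")
    return findings

# Constructed sample configurations (bucket name is a placeholder).
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group",
            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]})
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
               "Permission": "FULL_CONTROL"}]}
LOCKED_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print(public_findings(None, OPEN_ACL, OPEN_POLICY))
    print(public_findings(LOCKED_PAB, OPEN_ACL, OPEN_POLICY))
```

With all four Public Access Block flags enabled, the same public ACL and policy no longer expose the bucket, which is why the second call reports nothing.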

To help you stay up to date with exposed information online, Kaduu's cyber threat intelligence service offers affordable insight into the darknet, social media and the deep web.