Since the Apache server was leaked at the end of last year, 250 GB of banking documents for online Brazilian customers were exposed due to a newly added flaw in the Amazon Simple Storage Service (S3) bucket.
350 MB of total files were sent to the electronic magazine. hacking Announced this Monday (22). The warning was issued by members of the Data Group, a team of independent Brazilian researchers who are specialized in identifying fatal weaknesses in industrial applications and systems. Please understand the following cases better.
Amazon Server Error
Amazon's Simple Storage Service (S3) is a cloud storage service. Incorrectly configured access can be exposed. This allows all users without authentication to download the file.
According to hackingThis is configured as a recurring server error and manual bucket configuration is required to block public permissions.
The total file received by the electronic magazine contains a series of digitized personal documents such as ID, CPF, and CNH (National Driver's License).
Other types of leaks include credit cards, address proofs, money orders, statements, contracts, pay stubs, and other examples such as paychecks. Affected account holders' profiles are centered around retirees, pensioners, soldiers or government officials.
As the number of exposed files and files that have not been cleaned so far has increased, many of the victims have not been taken up by this leak.
Most Affected Schools
The most affected financial institution in this case was Banco Pan, and when a large amount of documents were exposed, the company appeared in a claim collection request collected by trading partners.
It should be remembered that it was formerly owned by the Sílvio Santos Group under the name PanAmericano. In May 2011, the entirety was sold to Banco BTG Pactual S.A., which was later sold to Caixa Participações S.A. – Organized by Caixapar.
Exposed data from other companies is also under investigation. hacking. Publications promise more information soon.
Pan bank positioning
TudoCelular contacted Banco Pan to get the most up-to-date information about the leaked documents. The company's press office sent a note similar to the report's report. hacking, Which rejects ownership of the environment and verifies that registration data is collected by business partners. Full verification:
"The bank has noticed that the environment it investigated is not its property and that the intrusion was not detected as a result of a careful analysis of the security system.
When working with business partners, potential customer registration data is collected by the partner before effectively formulating work with the bank, so if the misuse of this information is identified, take appropriate action.
This confirms that information security is one of the priorities according to internationally recognized best practices required by regulatory authorities.
We can work with facts through our dedication to society. "
What is the evaluation of Internet banking data leakage? Join us!