Recent data leak incidents

18.11.2022

Back to news

Personal data from thousands of databases on Amazon Relational Database Service (Amazon RDS) leaked.

Amazon Relational Database Service (Amazon RDS) – is a Platform-as-a-Service (PaaS) that provides a database platform based on a few optional engines (e.g., MySQL, PostgreSQL, etc.) Mitiga company experts reported the incident. The data exposed contained names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company credentials.  According to the cyber experts’ findings, the data leak occured because of the function, which made it possible to make Public RDS snapshots. During the research term, from the 21st of September 2022 to 20th of October 2022, the experts obtained 810 snapshots publicly available from a few hours to a few weeks. This means, that intruders could have misused them.

Cybernews experts obtained a set of confidential data from artificial intelligence powered CRM-platform Metroleads. It contained a few thousand SIP tokens; individual and organizations’ emails. What’s more, the data on user’s location was exposed as well. The Cybernews  expert notified about the risks, referring to the incident. For instance, fraudsters may use the obtained data in order to perform a cyber attack.