Pierluigi Paganini August 22, 2017

Security researchers discovered that hotel booking service Groupize allegedly exposed sensitive data contained in unsecured AWS storage bucket

Security experts continue to discover unsecured AWS storage bucket leaking sensitive data. Last discovery in order of time is an AWS storage related to the hotel booking service Groupize, it was discovered by Kromtech Security Center researchers and confirmed in an analysis published by  MacKeeper.

“Kromtech Security Researchers have discovered a database that appeared to be associated with the automated online group hotel room booking service Groupize.” wrote MacKeeper.

“Publicly accessible bucket was hosted under ‘prm-production’ domain on AWS. No logins or passwords were required to access the data.”

Groupize denies that sensitive has been leaked, but MacKeeper’s researcher Bob Diachenko claims that until August 15 the exposed data included nearly 3,000 documents detailing contracts or agreements between hotels, customers and Groupize, including credit cards’ payment authorization forms, more than 3,000 spreadsheets, more than 32,000 “menus, and images.

“Here is what researchers were able to see:

• A folder named “Documents” contained 2,936 scans or PDFs of contracts or agreements between hotels, customers and Groupize, including credit cards’ payment authorization forms, with full CC#, expiration date and CVV code.

• A folder named “all_leads” contained 3,188 spreadsheets. In a single random sampling there was a total of $12.6 Million in just one spreadsheet.

• Folders titled WhiteLabel / attachments contained 32,695 files in 37 folders ( these are menus, images and more)”

Recently other AWS S3 leaking data have been discovered, the popular data breach hunter Chris Vickery discovered a Verizon repository that leaked 14 million customer records and an open bucket belonging voting machine supplier ES&S that contained more than 1.8 million voter records belonging to Americans.

It is easy to predict the discovery of many other open AWS storages left open online.

A few weeks ago Amazon presented its service Macie, which would detect unsecured corporate data repositories.

“Amazon Macie is a service powered by machine learning that can automatically discover and classify your data stored in Amazon S3. But Macie doesn’t stop there, once your data has been classified by Macie, it assigns each data item a business value, and then continuously monitors the data in order to detect any suspicious activity based upon access patterns.” wrote Amazon.