Unsecured AWS bucket exposes over 750,000 birth certificate applications

A massive data leak made the headlines, over 750,000 birth certificate applications have been exposed online due to an unsecured AWS bucket.

Penetration testing firm Fidus Information Security discovered over 752,000 birth certificate applications that have been exposed online due to an unsecured AWS bucket. 

The huge trove of personal data has been exposed online by an unnamed company that allows its customers to get copies of their birth and death records from state governments in the United States.

“More than 752,000 applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket. (The bucket also had 90,400 death certificate applications, but these could not be accessed or downloaded.)” reads the post published by TechCrunch. “The bucket wasn’t protected with a password, allowing anyone who knew the easy-to-guess web address access to the data.”

The bucket also contained 90,400 death certificate applications, that anyway could not be accessed.

The exposed records include name, date of birth, current home address, email and phone number, names of family members, historical information (i.e. addresses), or the reason behind applying for the documents.

The content of the AWS bucket was updating daily, in just one week, the unnamed company owning the application added about 9,000 applications to the bucket. The applications dated back to late-2017, TechCrunch verified the authenticity of the data.

Fidus and TechCrunch attempted to contact the company via email prior to publication without success, they also informed Amazon that said it would inform the customer.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – AWS Bucket, birth certificate)

[adrotate banner=”5″]

[adrotate banner=”13″]