Researchers at vpnMentor have discovered a leaking Amazon S3 bucket that contained more than 270,000 records with various information, including military documents. The unsecured S3 bucket belonged to Doxzoo, a document printing and binding production company, based in the U.K., but servicing customers from all around the globe.
According to researchers, the data leak “included print jobs for many high-profile clientele, including elite universities, US and UK military branches, Fortune 500 companies.”
The exposed records included names, addresses, email addresses, payment method, last four digits of the payment method, passport scans, order details, copyrighted publications (e.g. books, screenplays, TV show scripts), teacher’s guides with answers for tests, certifications, diplomas and degrees, medical documents, floor plans detailing various security elements, musical compositions, religious texts, internal military documents (including classified information) belonging to the US and UK military. The estimated number of impacted customers could be over 100,000, the firm says.
The experts noted that the incident also impacted Doxzoo customers from India, Nigeria and Sri Lanka.
Upon discovering the data leak vpnMentor has reached out to Doxzoo with its findings, but the company never responded. The database was secured only after the researchers have contacted Amazon.