Orsegups Participacoes, a Brazilian physical security company, exposed over 25GB of files through an unsecured Amazon Simple Storage Service (S3) bucket. The documents stored on the server included tax documents, receipts, payment slips, and a series of invoices for clients, both residential and commercial, who have used this service. The invoices included information such as the clients’ full name, Social Security numbers, addresses, and telephone numbers. The company stated that the S3 bucket “only stored legacy files from a portal that had already been disabled in 2017, in an AWS account that is no longer used.” Orsegups has its security team monitoring for the information being posted online.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is