On January 3rd, researchers from VPNMentor uncovered an unsecured Amazon Web Services Simple Storage Service (S3) bucket, owned by JailCore, a cloud-based app used by multiple US correctional facilities. Anyone could access the files stored on the S3 bucket using just a web browser—no password was required. Contained on the unsecured bucket were over 36,000 PDF files exposing inmate prescription records, mugshots, and other personally identifiable information. When the researchers attempted to reach out to JailCore on January 5th, JailCore refused to accept the breach notification or to confirm the researchers’ findings. However, access to the bucket was quickly closed after the researchers provided the notification to the Pentagon on January 15th.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is