On January 3rd, researchers from VPNMentor uncovered an unsecured Amazon Web Services Simple Storage Service (S3) bucket, owned by JailCore, a cloud-based app used by multiple US correctional facilities. Anyone could access the files stored on the S3 bucket using just a web browser—no password was required. Contained on the unsecured bucket were over 36,000 PDF files exposing inmate prescription records, mugshots, and other personally identifiable information. When the researchers attempted to reach out to JailCore on January 5th, JailCore refused to accept the breach notification or to confirm the researchers’ findings. However, access to the bucket was quickly closed after the researchers provided the notification to the Pentagon on January 15th.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.