A large cache of information left unprotected and affecting many US Municipalities has been discovered by the ethical hacking team at WizCase. The common denominator was software provided by PeopleGIS called mapsonline.net that many cities in the US use. WizCase’s team found over 80 misconfigured Amazon S3 buckets; however, others were configured in a way that made it difficult to determine which party was responsible for leaving the buckets vulnerable. In total, more than 1000 GB in data and roughly 1.6 million files were potentially exposed. This left documents such as business licenses, residential records such as deeds, tax information, and resumes for applicants to government jobs as well as information like email address, physical address, phone number, driver’s license number, real estate tax information, photographs of individuals (on driver’s licenses), photographs of properties, building and city plans were all vulnerable. PeopleGIS have patched the buckets after WizCase reached out, but it is unclear if they were accessed before being secured.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in