Data on 774k US children exposed due to misconfigured AWS S3
➤Summary
Childrens data on the dark web discovered by our darknet monitoring service
On July 13, 2022 hacker under alias “WeLeakDatabase” has shared a file called “774k USA SCHOOL DETAILS”. While the origins of the database have been unclear, the details of the leak have been impressive: 2GB of data, that contains information of underage students of hundreds different US schools.
The leaked .sql file contains the following data:
id, cart_id, ip_address, first_name, last_name, phone, email, address, city, state, zip_code, card_type, card_expires_on, price, created_at, updated_at, shipping_address, shipping_city, shipping_zip, shipping_state, processed, notes, school_id, posted, free, shipping_first_name, shipping_last_name, address2, shipping_address2, transaction_id, paid_with_paypal, paypal_order, address_line_2, react, school_price
How did it happen?
Roughly a week later hacker gave more information on the leaked file. The data belongs to shoobphoto.com “where the student details are leaking with their clean photo and their full details.” Total number of lines is 774,179, total number of emails affected by this incident: 12,909,994.
Hacker clarified that the data breach happened due to a misconfigured Amazon S3 bucket.
The source says: “First this was discovered by me in March and on July it was published *** but after some time the post was taken down by me because I realized it was threats to childrens lifes. And Now the s3 bucket is secured so no worry. Peace”
We are indeed confused by the “kindness” of the hacker behind this breach. However, the only one to blame is the shoobphoto.com itself for letting database open to anyone on the internet with zero protection.
Is AWS S3 a problem?
With the astonishing amount of data leaks happening due to unprotected S3 buckets, the question arise naturally: is the issue in using AWS S3 itself?
Experts’ opinions are divided into two opposites, some strongly believe that the technology behind AWS S3 is flawed by its architecture design. The other popular opinion is that the AWS S3 owners are fully responsible for the files safety and access settings of the bucket.
Kaduu Team believes that many issues might have been avoided, have only Amazon set default bucket settings to private access only, so cloud engineers or occasional users don’t expose data by accident and take time to learn more about AWS S3 security modes.
To stay up to date with exposed information online, Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.
Your data might already be exposed. Most companies find out too late. Let ’s change that. Trusted by 100+ security teams.
🚀Ask for a demo NOW →Q: What is dark web monitoring?
A: Dark web monitoring is the process of tracking your organization’s data on hidden networks to detect leaked or stolen information such as passwords, credentials, or sensitive files shared by cybercriminals.
Q: How does dark web monitoring work?
A: Dark web monitoring works by scanning hidden sites and forums in real time to detect mentions of your data, credentials, or company information before cybercriminals can exploit them.
Q: Why use dark web monitoring?
A: Because it alerts you early when your data appears on the dark web, helping prevent breaches, fraud, and reputational damage before they escalate.
Q: Who needs dark web monitoring services?
A: MSSP and any organization that handles sensitive data, valuable assets, or customer information from small businesses to large enterprises benefits from dark web monitoring.
Q: What does it mean if your information is on the dark web?
A: It means your personal or company data has been exposed or stolen and could be used for fraud, identity theft, or unauthorized access immediate action is needed to protect yourself.