December 11, 2023

Sega Europe, found to be exposing data via a misconfigured AWS S3 bucket. The exposed bucket contained multiple sets of AWS keys which could have been used to access many of Sega Europe’s cloud services. MailChimp and Steam keys were also found along with compromised SNS notification queues that were able to run scripts and upload files on domains owned by the company.

The exposed bucket was initially discovered on Oct. 2021, with compqny being informed the same day. The company failed to respond to first notification, only doing so after a follow-up notification sent on Oct. 28. The company subsequently secured the bucket.

Advertisements

Though there is no proof that a malicious actor may have accessed the bucket, the potential that it could have been accessed is real. The credentials, keys and passwords could, in theory, be used for malicious purposes, including the theft of company and user data.

Companies should keep their public and private cloud separated and that storage within a private cloud should be sandboxed with access to S3 buckets segmented.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d