A misconfigured AWS S3 bucket containing a massive trove of data belonging to a USA-based education publishing firm, McGraw Hill, found leaking the data.
McGraw Hill is among the top three educational content publishers in the United States, widely used by educational institutions across Canada, for facilitating online classes.
The researchers discovered one non-production bucket containing over 69 million documents and 10TB+ of data and one production bucket containing 12TB+ of data. In total, 22TB of data was exposed, and the buckets contained 117 million files. The buckets were discovered on 12 June 2022. Researchers contacted McGraw Hill and received the response on 9th July 2022.
Approximately 100 thousand students could be exposed to numerous online attacks due to this data breach. Their private data, such as personal details and grades, could be at risk, and anyone could access it using a web browser.
The data exposure might have a far-reaching impact because users worldwide are affected by this exposure. However, it is unclear whether the servers were accessed by a third party with malicious intent or not.
Nevertheless, at the time of publishing this article, both exposed servers had been secured, Researchers from vpnMentor’s non-stop alerts to concerned authorities.