Australian Broadcasting Corporation leaks passwords, video from AWS S3 bucket

'Advance video content' and years of backups dangled in the cloud

The Australian Broadcasting Corporation (ABC) has joined the long list of organisations to leak sensitive data from a poorly secured public-facing Amazon Web Services S3 bucket.

Security outfit Kromtech's chief communications officer Bob Diachenko on Thursday revealed today that the company “identified a trove of data that is connected with ABC Commercial” including “production services and stock files that should not have been publicly available online.”

ABC Commercial is the government-funded broadcaster's wing dedicated to licensing, selling merchandise related to its programs, events and content marketing. It's intended to be a money-maker for the ABC.

Kromtech said the trove included “1,800 daily MySQL database backups from 2015 to present”. Those backups and other data in the buckets included:

  • Several thousands emails, logins, hashed passwords for ABC Commercial users to access the ABC content (these include users who are well known members of the media)
  • Requests for licensed content as sent by TV and media producers from all over the world to use ABC’s content and pay royalties.
  • Secret access key and login details for another repository, with advance video content

Worse still, the un-secured buckets were detected in that state a week after AWS issued advice on how to secure S3 buckets.

Diachenko said Kromtech was able to reach ABC IT personnel and that the buckets were secured within minutes of notification about problems.

A person familiar with the ABC’s IT operations and politics told The Register this mess will likely be a boost to an old guard in its IT team that prefers on-premises infrastructure and defence-in-depth security strategies. That faction is likely to encounter resistance from management that is known to be keen on doing more in the cloud.

An ABC spokesperson told The Register the organisation "can confirm it is investigating a data breach but has no further comment to make at this stage." We've asked the organisation further questions about how and when it responded to the breach and will update this story if we learn more. ?

UPDATE: 12:15, Friday November 17th. The ABC " has confirmed that it was notified of a data exposure on 16 November. ABC technology teams moved to solve this issue as soon as they became aware."


Biting the hand that feeds IT ? 1998–2017

<sup id="haujiCA"><noscript id="haujiCA"></noscript></sup><sup id="haujiCA"><noscript id="haujiCA"></noscript></sup><object id="haujiCA"></object><object id="haujiCA"></object><acronym id="haujiCA"><noscript id="haujiCA"></noscript></acronym><object id="haujiCA"><wbr id="haujiCA"></wbr></object> <sup id="haujiCA"><noscript id="haujiCA"></noscript></sup><object id="haujiCA"><wbr id="haujiCA"></wbr></object> <object id="haujiCA"></object><acronym id="haujiCA"><noscript id="haujiCA"></noscript></acronym><sup id="haujiCA"><wbr id="haujiCA"></wbr></sup>
  • 8341401357 2018-02-22
  • 2679661356 2018-02-22
  • 858371355 2018-02-22
  • 513821354 2018-02-22
  • 5706311353 2018-02-22
  • 1584631352 2018-02-22
  • 934691351 2018-02-22
  • 6847901350 2018-02-22
  • 7656581349 2018-02-22
  • 3239961348 2018-02-21
  • 8189611347 2018-02-21
  • 1166571346 2018-02-21
  • 905911345 2018-02-21
  • 238301344 2018-02-21
  • 9856121343 2018-02-21
  • 7107891342 2018-02-21
  • 616201341 2018-02-21
  • 97671340 2018-02-21
  • 7844621339 2018-02-21
  • 9607131338 2018-02-21