Thousands of FedEx customers’ private info exposed in legacy server data breach
Thousands of FedEx customers have had their private information exposed after one of the courier’s legacy servers was left open without a password.
Uncovered by Kromtech Security Center, the parent company of MacKeeper Security, the breach exposed data such as passport information, driver’s licenses and other high-profile security IDs, all of which were hosted on a password-less Amazon S3 storage server.
However, according to the security researchers at Kromtech, the server was later secured after the team made contact with FedEx.
This apparently happened because FedEx did not secure the data stored on the Amazon S3 virtual server, which was originally owned by Bongo, a company that FedEx bought in 2014 and rebranded as FedEx Crossborder (which was actually shut down last year).
As a result, the exposed data wasn’t super recent, and instead included records from 2009 – 2012. However, as many people’s state-issued IDs last for 10 to 20 years, much of the leaked data is probably still very sensitive.