A cloud misconfiguration has leaked personal details of countless airport staff throughout South America, a new report suggests.
An Amazon Web Services S3 bucket was found without any authentication required to access its contents. A team at AV comparison site Safety Detectives found the problem and notified the owner, Swedish security giant Securitas on October 28 2021. The firm secured the database on November 2.
Safety Detectives believe the S3 bucket contained around 1.5 million files.
Researchers found personally identifiable information (PII) on Securitas and airport employees dating back to November 2018 inside the 3TB trove.
At least four airports across Peru (Aeropuerto Internacional Jorge Chávez) and Colombia (El Dorado International Airport, Alfonso Bonilla Aragón International Airport, and José María Córdova International Airport) have been hit.