Australian Broadcasting Corporation leaks passwords, video from AWS S3 bucket

'Advance video content' and years of backups dangled in the cloud

By Simon Sharwood, APAC Editor

Posted in Cloud, 16th November 2017 22:20 GMT

The Australian Broadcasting Corporation (ABC) has joined the long list of organisations to leak sensitive data from a poorly secured public-facing Amazon Web Services S3 bucket.

Security outfit Kromtech's chief communications officer Bob Diachenko revealed on Thursday that the company “identified a trove of data that is connected with ABC Commercial” including “production services and stock files that should not have been publicly available online.”

ABC Commercial is the government-funded broadcaster's wing dedicated to licensing, selling merchandise related to its programs, events and content marketing. It's intended to be a money-maker for the ABC.

Kromtech said the trove included “1,800 daily MySQL database backups from 2015 to present”. Those backups and other data in the buckets included:

Worse still, the unsecured buckets were detected in that state a week after AWS issued advice on how to secure S3 buckets.

Diachenko said Kromtech was able to reach ABC IT personnel and that the buckets were secured within minutes of notification about problems.

A person familiar with the ABC’s IT operations and politics told The Register this mess will likely be a boost to an old guard in its IT team that prefers on-premises infrastructure and defence-in-depth security strategies. That faction is likely to encounter resistance from management that is known to be keen on doing more in the cloud.

An ABC spokesperson told The Register the organisation "can confirm it is investigating a data breach but has no further comment to make at this stage." We've asked the organisation further questions about how and when it responded to the breach and will update this story if we learn more. ®

UPDATE: 12:15, Friday November 17th. The ABC "has confirmed that it was notified of a data exposure on 16 November. ABC technology teams moved to solve this issue as soon as they became aware."
