Top 10 Cloud Security Incidents in 2022

Tuesday, November 29, 2022 | Read Time: 4 min.

As organizations are increasingly moving their workloads to the cloud, cloud security is becoming more important than ever.


However, a recent report says that more than 80% of organizations have experienced a cloud-related security incident over the past 12 months. Here's a look at the biggest cloud security incidents in 2022.

FlexBooker data breach

US-based digital scheduling platform FlexBooker suffered a data breach that involved sensitive information of 3.7 million users after threat actors breached its AWS (Amazon Web Services) server. The compromised data included names, email addresses, and phone numbers, and in some cases password hashes and partial credit card information. The stolen data was then posted for sale on various hacker forums.

The breach came to light in January 2022, with the company claiming it resolved the issue. However, around the same time security researchers reported a separate breach involving a FlexBooker cloud server that exposed personal data of up to 19 million users. It was found that the company was using an AWS S3 bucket to store data but failed to implement any security measures.

2.4TB BlueBleed data leak

2.4TB of Microsoft customer data belonging to more than 65,000 companies across over 100 countries was exposed due to a misconfigured Azure Blob Storage bucket. Dubbed “BlueBleed,” the data leak included Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, customer emails, internal documents for customers, partner ecosystem details, internal comments for customers, and other information.

Microsoft confirmed the incident, but said that the scope of the issue was greatly exaggerated and that a lot of the data in question was duplicate information.

The biggest data leak in the history of China to date

Hackers stole data of more than 1 billion Chinese citizens from a Shanghai police database and tried to extort the department for about $200,000 in what appears to be one of the most extensive data breaches to date. The stolen information contained names, phone numbers, government ID numbers, and police reports.

The attackers exfiltrated the data from a database hosted by Alibaba Cloud, a subsidiary of Chinese e-commerce giant Alibaba. An investigation revealed that the database itself was secure, but that a management dashboard was publicly accessible from the open internet.

Microsoft hacked by Lapsus$ data extortion group

The infamous Lapsus$ hacker group breached Microsoft’s Azure DevOps server and stole 37 GB of data, mainly source code for various internal Microsoft projects, including Bing, Bing Maps, and Cortana. The hackers then leaked the stolen data on their Telegram channel.

As Microsoft explained, the attackers compromised one of their employee's accounts and gained limited access to source code repositories. The company added that no customer code or data was compromised in the attack.

Medibank data breach

Medibank, one of Australia's largest health insurers, suffered a massive data breach that affected more than 9 million customers. The hackers breached the company’s cloud-based data network and made off with a large trove of customer information. After the company refused to pay a ransom, the intruders published a portion of the stolen data on the dark web. The leaked information included names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers, passport numbers and some health claims data.

23 million files exposed in Pegasus Airlines breach

Pegasus Airlines, a low-cost Turkish airline, exposed around 6.5 TB of data, including sensitive flight data, source code, and personal information of flight crews due to a misconfigured AWS S3 bucket.

The bucket contained around 23 million files, including flight charts, navigation materials, and crew personally identifiable information (PII) such as photos and signatures, as well as the EFB (Electronic Flight Bag) software’s source code, which included plain-text passwords and secret keys.

Pegasus Airlines was informed of the incident in March 2022, but it took the company nearly a month to remedy the issue.

Mangatoon data breach

Data belonging to 23 million users of online comic book provider Mangatoon was exposed after a threat actor stole it from an unsecured Elasticsearch database. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes.

Puma breached in Kronos ransomware attack

Multinational sportswear maker Puma was one of the victims of a ransomware attack that hit the cloud-based HR management company Kronos in December 2021. According to Kronos, the attackers gained access to the Kronos Private Cloud (KPC) cloud environment and stole information, including data of more than 6,000 Puma employees, before deploying ransomware. The files stolen in the Kronos ransomware attack also included Social Security Numbers.

For its part, Puma said that no systems in its network were breached, and that the incident was limited to Kronos’ Private Cloud.

Misconfigured Amazon server exposed Prime Video viewing data

US-based tech giant Amazon left a Prime Video database named “Sauron” unprotected, exposing around 215 million records of Prime Video viewing habits.

The database, which was stored on one of Amazon’s internal servers, contained millions of records of pseudonymized viewing information, such as the show or movie streamed, the device used, network quality, subscription details, and Prime customer status. Amazon explained that the root cause of the issue was a deployment error with a Prime Video analytics server, and that no account information, including credentials and payment details, was impacted.

Massive Civicom data leak

Civicom, a company that offers audio, web conferencing, and market research services, exposed a large trove of sensitive customer data via a misconfigured Amazon S3 bucket, which was left open without password protection and security verification. Civicom exposed 8 GB of records comprising more than 100,000 files, including tens of thousands of hours of audio and video recordings of private conversations, written transcripts from the company’s clients, as well as personally identifiable information (PII) such as employees’ complete names and photographs.

