Another day, another exposed S3 bucket. This time, 5 million US credit cards and personal details were leaked online. The Leakd.com security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket.
An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There is no limit to the amount of data you can store in an S3 bucket, and individual instances can be up to 5 TB in size. In this case we don’t know who’s behind the leak, although it seems clear from the screenshots that it’s a phishing operation and the credit and debit card information was exactly the data they were after.
Read more…
Source: Malwarebytes Labs
Related:
- Discord hit by data breach after hackers strike support tickets
October 6, 2025
Discord has warned users it suffered a cyberattack which caused a potentially worrying data breach. In a data breach notification announcement posted on the company’s blog, Discord said a third party, providing customer support services, was breached. “The unauthorized party then gained access to information from a limited number of users who had contacted Discord through ...
- A breach every month raises doubts about South Korea’s digital defenses
October 4, 2025
South Korea is world-famous for its blazing-fast internet, near-universal broadband coverage, and as a leader in digital innovation, hosting global tech brands like Hyundai, LG, and Samsung. But this very success has made the country a prime target for hackers and exposed how fragile its cybersecurity defenses remain. The country is reeling from a string of ...
- Hacking group claims theft of 1 billion records from Salesforce customer databases
October 3, 2025
A notorious predominantly English-speaking hacking group has launched a website to extort its victims, threatening to release about a billion records stolen from companies who store their customers’ data in cloud databases hosted by Salesforce. The loosely organized group, which has been known as Lapsus$, Scattered Spider, and ShinyHunters, has published a dedicated data leak site ...
- UK: Renault and Dacia customer data stolen in third party cyber attack
October 2, 2025
Renault has become the most recent victim of a cyber attack. Customers of the French firm and its sister brand Dacia have been warned that their personal data, including postal addresses and emails, has been stolen by hackers. In an email sent out to customers, Renault said: “We are very sorry to inform you about a ...
- Red Hat confirms major data breach after hackers claim mega haul
October 2, 2025
Red Hat has confirmed suffering a potentially serious data breach, but the company said it was not able to verify hacker claims of stolen customer secrets. A hacking group called Crimson Collective claims to have accessed Red Hat’s private GitHub repositories, and exfiltrated approximately 570GB of different files from 28,000 internal projects. Among the files were ...
- US Air Force admits SharePoint privacy issue as reports trickle out of possible breach
October 1, 2025
The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue. A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on social media. “This message is to inform you of a critical Personally Identifiable Information (PII) and ...