CYBER BREACH: 80+ US Municipalities left vulnerable in Massive Data Breach
By Cyber Research Team via GEO PR Channel – Gibraltar
Google Indexed on 210721 at
Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach
A team of Ethical Hackers at WIZCASE led by Ata Hakçıl has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. This breach compromised citizens’ physical addresses, phone numbers, IDs, tax documents, and more. Due to the large number and various types of unique documents, it is difficult to estimate the number of people exposed in this breach. There was no need for a password or login credentials to access this information, and the data was not encrypted.
Over a 100 US cities appeared to be using the same product, mapsonline.net, provided by an American company named PeopleGIS. The data of these municipalities was stored in several misconfigured Amazon S3 buckets that were sharing similar naming conventions to MapsOnline. Due to this, we believe these cities are using the same software solution. The team reported the issue immediately and the buckets have since been secured.
PeopleGIS is a Massachusetts-based company specializing in information management software. Many city municipalities in the state of Massachusetts and a few in surrounding states like Connecticut and New Hampshire use their software and platforms to manage a variety of data.
Our scanner revealed 114 Amazon Buckets that were named after the same pattern, revealing the connection to PeopleGIS. Among these, 28 appeared to be properly configured (meaning they weren’t accessible), and 86 were accessible without any password nor encryption.
This means there are 3 options:
PeopleGIS created and handed over the buckets to their customers (all municipalities), and some of them made sure these were properly configured;
The buckets were created and configured by different employees at PeopleGIS, and there were no clear guidelines regarding the configuration of these buckets;
The Municipalities created the buckets themselves, with PeopleGIS guidelines about the naming format but without any guidelines regarding the configuration, which would explain the difference between the municipalities whose employees knew about it or not.
What Data Was Left Vulnerable?
The Wizcase Team discovered over 80 misconfigured Amazon S3 buckets holding data related to these municipalities, totaling over 1000 GB of data and over 1.6 million files. The type of files exposed varied by municipality. This variance and the number of municipalities involved means there was no way to give a clear estimate of the number of people left vulnerable in this breach. Learn More/…
Broadcasting Daily from Gibraltar Newsroom our dedicated desk editors and newsdesk team of Professional Journalists and Staff Writers work hand in hand with our established network of highly respected Correspondents & regional/sector specialist Analysts strategically located around the Globe (HUMINT) Our individual Desk Editors all have specific subject authority as Journalists, Researchers and Analysts covering AI, Autonomous Transport, Banking & Finance Technology, Cybersecurity, GeoCrime, Defence 3.0, Energy & Renewables, BioEconomy and Transport & Logistics.
Contact the NewsTeam at [email protected]
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.