AWS misconfiguration exposes the data of Indian government and universities including Banaras Hindu University
According to a recent post by Cyber Know and We Leak Database An AWS misconfiguration has led to the leak of around 3.5 TB data of from the Indian university and local government. The claims further state that institutions like Banaras Hindu University, Board of Practical Training (ER) under Ministry of Education, Govt. of India, Jamia Millia Islamia (Central University), Aliah University, Tamil Nadu Public Service Commission ( TNPSC) Government of Tamil Nadu and Hemchand Yadav Vishwavidyalaya Durg CG.
The Twitter handle also published a list of documents and the list of students. They also published the database username and password on their social media platform. We tried to reach out to BHU but weren’t able to receive any reply at the time of framing the article.
Allegedly a misconfigured AWS has exposed a large amount of #Indian university and local government data.#cybersecurity #infosec #databreach #aws #India https://t.co/gqwY1Qluxe
— CyberKnow (@Cyberknow20) September 18, 2022
According to the claims, sensitive documents, emails, env, source code, and many more were exposed publicly. The targeted organizations include Bhupro, Board of Practical Training ( BOPTkolkata), Tamil Nadu Public Service Commission, JMI University, Hemchand Yadav Vishwavidyalaya University, and the Aliah University which is the university in West Bengal.
Misconfigurations are one of the most crucial risks to cloud environments, causing around 65 to 70 percent of all the security challenges in the cloud. Accordingly, the cloud comprises a lot of settings, policies, assets, and services which makes it a worldly environment to fully understand and properly set up. This is very true for those organizations that urgently migrated to the cloud to execute remote work. Unfortunately, when organizations start using any new technology too quickly without fully understanding it causes misconfigurations. Eventually, this led to the data breach of such organizations.