bucketchallenge

s3 Buckets are my hobby. Ice-cold nightmares about the insecurity of the cloud.
I will not link the bucket while still open here on Mastodon as the data in those would cause hurt to innocent people.
BREAKING: The Chemnitz Regional Court has just ruled that the order under which the Adenauer SRP+ was seized was unlawful! The seizure of the Adenauer SRP+ was therefore: unlawful. The illegal operation by the Saxony police at CSD Döbeln will thus have consequences.

Seizure of the protest bus "Adenauer SRP+" in Döbeln: subsequent court order was unlawful

The seizure of the "Adenauer SRP+" bus in September 2025 in Mittelsachsen has consequences: the Chemnitz Regional Court sides with the "Zentrum für Politische Schönheit" on a central point.

Freie Presse - Chemnitzer Verlag und Druck GmbH & Co. KG

Full throttle into the data gravel: #Nürburgring parks customer data in an open #s3 carport

The Nürburgring has pulled off the feat of laying down a proper oil slick not only on the asphalt but also in cyberspace. Around 24,000 documents, a hefty 17 GB of #Kundendaten (customer data), sat in an open s3 bucket like an abandoned GT3 car, freely viewable by anyone who happened to stroll past the digital paddock.

Included in the data package: copies of severe-disability ID cards (Schwerbehindertenausweise), neatly labelled invoices complete with names and addresses, and CVs that make you wonder whether they had already taken one corner too many before the data leak.

After #Responsible #Disclosure the leak was at least cleaned up within 24 hours. A pit stop that was not elegant, but at least ended without a total write-off.

Following the whole discussion about the #Washington #post, I would like to bring up the #s3 bucket https://wp-stat.s3.amazonaws.com/ The folder pagestore contains #PDF files from 2015 until today with their #newspaper. Run "aws s3 sync --no-sign-request s3://wp-stat/pagestore/ ." to download your personal #backup!
I wanted to point out the irony of being #owned by #AWS and being #pwned at the same time!
A notary from Sweden just got a mail about their open #s3 #bucket with plenty of data. Most of the documents were related to real estate in #Stockholm and the surrounding area.

With great thanks to @masek and @JayeLTee and others who assisted or tried to, including Rogers ISP and law enforcement in Canada, we can finally say:

Bolton Walk-In Clinic patient data leak locked down!

Read about this very frustrating effort to get exposed patient data locked down:

https://databreaches.net/2025/06/30/bolton-walk-in-clinic-patient-data-leak-locked-down-finally/

#healthsec #PHIPA #HIPA #cybersecurity #infosec #incidentresponse #dataleak

PostMortem: Assumed DOJ Montana Leak of Phone Dumps

Type of leak

Highly confidential information on a public SMB share without authentication

Threats from the leak

I see the following threats:

  • Integrity and Confidentiality of investigations into serious crimes compromised
  • Privacy of U.S. citizens compromised (very likely to contain most intimate data)
  • Providing 3rd parties hostile to the U.S. with blackmail material

1/4

Some wild things I found exposed recently that I am actively trying to close down:

1) 🇺🇸 Criminal Defense firm with archived case files exposed (evidence, discovery, court docs, etc) includes crash reports with dead people - Contacted the Law firm last week and nothing done.

2) 🇺🇸 Phone extracts for multiple cases that have been on the news, including a case of a cop suicide, sexual abuse cases - Looking at who to notify about this one, being extra careful as the file listing suggests illegal stuff gathered as evidence might be exposed on it.

3) 🇳🇿 A database backup with a table that includes someone's diary, with a lot of entries about their sexual life.
This backup also includes ~1,500 logins for a police association on other tables and credentials to multiple companies & websites - Contacted higher-ups in the police association for help identifying who is responsible, but so far, no reply.

Just a few more servers to add to the list of dozens of pending cases. Will start escalating contacts until stuff gets fixed.

#cybersecurity #infosec #responsibledisclosure #threatintel #readyouremail

Good news today: The #s3 #bucket was closed. The bucket was XXX, so I assume YYY to be responsible for leaking 22.4 million pictures of Japanese babies. As there were only pictures in the bucket, I can only guess by the name and the content, which matches.
EDIT: The bucket is open again. WTF. 😩
And tonight I escalated the #s3 #bucket to #AWS. I explicitly asked them to contact their customer. I am sure I will be told to memorize their "shared responsibility", and that no responsibility is with them.
And I escalated this bucket to the #Japanese #CERT. So far the #s3 #bucket is still open.