The target: Coninsa Ramon, a Colombian based architecture, engineering, construction, and real estate firm.
The take: 5.5 million files of 100,000 customers of their personally identifiable information including: full names, addresses, email addresses, transaction data, and asset values.
The attack vector: An unsecured Amazon S3 storage server was misconfigured, allowing anyone with an internet connection to access and download the data. In addition, malicious code was discovered that would allow attackers to maintain a persistent connection to the website, letting them redirect traffic to fraudulent pages.
The exposure of personal information can lead to highly targeted phishing and fraud attacks. Given how detailed the information was in this exposure, the threat of spear-phishing campaigns is high. Use of authentication protocols is an integral part of maintaining a rigorous cybersecurity posture, and it is critical to employ industry standard practices of credential management, user authentication and validation, around all storage of customer data.