Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords

From zdent.com

Internet Service Provider Pocket iNet exposed 73GB of corporate information online, including AWS secret keys and internal data.

Cybersecurity firm UpGuard revealed on Tuesday that the data leak was caused by a misconfigured Amazon S3 storage bucket which permitted the access and download of information without the need for authorization.

Washington-based Pocket iNet offers customers a broadband Internet service, video streaming, and smart, connected home solutions.

The company claims to “makes use of bleeding edge and emerging technologies such as native IPv6, Carrier Ethernet, and local fiber.”

However, the ISP may need to focus more on security given this lapse. According to UpGuard, among the data exposed was passwords stored in plain text, AWS secret keys for Pocket iNet employees, network diagrams, configuration settings, and inventory lists.

Read more…