"Logistics Company D.W. Morgan Exposed 100 GB of Data From Clients, Including Fortune 500 Companies"
An Amazon S3 bucket belonging to the logistics company D.W. Morgan was discovered to be open, exposing more than 100 GB of sensitive data about shipments and clients, including Fortune 500 companies such as Cisco and Ericsson. The Website Planet security team identified the open AWS S3 bucket on November 12, 2021, and alerted the company the same day. According to the researchers, the database stored over 100 GB of data, including 2.5 million files consisting of financial, shipping, transportation, and personal details on D.W. Morgan's employees and clients. Although the database was discovered in November, the research team only recently shared information about the discovery. It remains unclear as to whether threat actors accessed the S3 bucket's content while it was unprotected. Exposed customers face the potential of being targeted in phishing campaigns or falling victim to fraud because of the sensitive data stored on D.W. Morgan's misconfigured bucket. This article continues to discuss the discovery of D.W. Morgan's open Amazon S3 bucket and the potential consequences of this exposure.