"Security Researcher Finds Trove of Capita Data Exposed Online"

A researcher has found that the London-based outsourcing company Capita left a large amount of data exposed online for seven years, just weeks after the company admitted to having experienced a data breach that could have affected customer information. The unprotected Amazon-hosted storage container discovered by a security researcher has now been secured by Capita. According to the researcher, the AWS bucket had been exposed to the Internet since 2016 and contained about 3,000 files estimated to be 655 GB in total size. The lack of a password on the bucket enabled anyone with the easy-to-guess web address to access the files. GrayHatWarfare, a searchable database that indexes publicly accessible cloud storage, also captured the exposed cloud server's information. According to a sample of filenames reviewed by TechCrunch, the exposed data included software files, server images, and a multitude of Excel spreadsheets, PowerPoint presentations, and text files. The security researcher told TechCrunch that one of the text files contained login credentials for one of Capita's systems, as well as filenames indicating that data was uploaded to the exposed container as recently as this year. This article continues to discuss the discovery of data exposed by Capita. 

TechCrunch reports "Security Researcher Finds Trove of Capita Data Exposed Online"