Amazon Web Services (AWS) Data Breaches: Full Timeline Through 2022 (2024)

The most recent known Amazon Web Services (AWS) breach happened in May 2022, when a security firm identified over 6.5 terabytes of exposed information on servers belonging to Pegasus Airlines.

In related news, former AWS employee Paige Thompson was convicted in June 2022 for her role in the 2019 Capital One breach. The jury found her guilty of wire fraud and multiple counts pertaining to computer hacking. All told, Thompson breached 30 companies and looted personal information pertaining to over 100 million people.

As in most AWS breaches, this information was exposed due toimproperly configured S3 bucketson the part of the business using AWS. This type of vulnerability has become one of the most common attack vectors in recent years, and you can read about some of the high profile AWS breaches below.

You can read more about breaches directly involving Amazon in our article onAmazon data breaches.

June 2022: Former AWS Employee Convicted for Capital One Breach

In June 2022, former AWS employee Paige Thompson was convicted for her role in the 2019 Capital One breach. While working for Amazon, Thompson exploited her knowledge of cloud server vulnerabilities at Capital One and more than 30 other companies. All told, Thompson stole the personal information of over 100 million people, including names, dates-of-birth, and social security numbers.

The defense portrayed Thompson as an ethical hacker seeking to notify companies of vulnerabilities before bad actors could exploit them. The U.S. Department of Justice argued otherwise, noting that Thompson failed to notify the companies she breached, bragged about the incident on hacker forums under the alias “erratic”, and profited from the breach by installing cryptomining software on many of the servers she hacked. As assistant U.S. attorney Andrew Friedman put it in his closing arguments, “She wanted data, she wanted money, and she wanted to brag.”

After ten hours of deliberation, a Seattle jury found Thompson guilty of wire fraud, as well as five counts of unauthorized access to a protected computer and damaging a protected computer. They found her not guilty of access device fraud and aggravated identity theft. Thompson could face up to 45 years in prison.

Not that Capital One got off easy. Finding their security practices lacking, the Office of the Comptroller of Currency fined Capital One for $80 million, and the company paid out an additional $190 million settlement in a class action lawsuit.

May 2022: 23 Million Files Exposed in Pegasus Airlines Breach

In May 2022, a security firm discovered an unprotected AWS S3 bucket containing 6.5 terabytes of “Electronic Flight Bag” information, including navigation information, proprietary software, and personal information pertaining to Pegasus Airlines crew members. Once notified of the exposed information, Pegasus Airlines promptly secured the unprotected S3 bucket.

December 2021: FlexBooker Breached, Compromising 3 Million Users

In December 2021, a hacker group identified as “Uawrongteam” broke into FlexBooker, an online booking platform, and made off with data on roughly three million users. After looting the data, they posted it for sale on various hacker forums.

The stolen data included drivers’ licenses and other personally identifying information, as well as password data. The data was apparently accessed by exploiting FlexBooker’s Amazon Web Services configuration.

August 2021: SeniorAdvisor Exposes Personal Data for Over 3 Million Senior Citizens

In August 2021, ethical hackers at WizCase discovered the website SeniorAdvisor had left millions of personal records exposed due to an improperly configured Amazon S3 bucket. These records included names, emails, and phone numbers.

These records come from a list of leads SeniorAdvisor had contacted for sales purposes: as such, they were not limited to customers, but include people who had never done any business with SeniorAdvisor.

July 2021: PeopleGIS Exposes Sensitive Data for Over 80 Municipalities

In July 2021, a group of ethical hackers at WizCase discovered a vulnerability affecting at least 80 municipalities in the United States. This breach resulted from misconfigured Amazon S3 buckets related to MapsOnline, a service run by the software company PeopleGIS. It’s unclear whether the misconfiguration was made by PeopleGIS or by the municipalities in question.

Over a terabyte of data across 1.6 million files was exposed. These files include sensitive personal data of city residents, as well as building plans, city plans, and other information relating to local properties.

June 2021: Turkish Retailer Cosmolog Kozmetik Exposes Customer Records

In June 2021, ethical hackers at WizCase discovered a cache of 9500 customer records left exposed due to an improperly configured S3 bucket. This data included order information, including customers’ names, emails, and physical addresses.

Because Cosmolog Kozmetik operates multiple websites, exposure was not limited to their main site alone: it also included records from sites such as Unishop, Trendyol, and Hepsiburada.

March 2021: Covid Testing Sites Leave Personal Data Exposed

In March 2021, privacy watchdog Comparitech found that Premier Diagnostics, a Utah-based covid testing company, had exposed customers’ personal data via improperly configured Amazon S3 buckets. Over 50,000 customers personal information was exposed, including images of drivers licenses, passports, and medical insurance cards.

February 2021: LogicGate Breach

On February 23, 2021, the risk and compliance startup LogicGate wasbreached by an unauthorized person. It’s unclear how many people were affected. LogicGate reported the breach in April, 2021.

November 2020: Prestige Software Exposes Hotel Reservation Information

In November 2020, the security team at Website Planet discovered that the company Prestige Software had exposed over 10 million records related to it Cloud Hospitality platform, which powers availability information for hotel booking websites. This information, which included customers’ names and credit card numbers, was exposed due to a misconfigured Amazon S3 bucket.

July 2020: Hackers Inject Code into Twilio Software

In July 2020, it came to light that cloud communications Twilio had been hacked due to an exposed Amazon S3 bucket. The hackers injected code that caused web browsers to load a separate URL linked to Magecart attacks. Though customers don’t typically interact with Twilio directly, their customers include companies such as Netflix, Uber, and Shopify.

Most AWS breaches involve data that has been directly exposed to potential bad actors. In this case, hackers were able to not only read the software in question, but modified its code to aid in future cyberattacks.

February 2020: Millions of Shoppers Data Exposed

A large, unsecured AWS database was discovered in February 2020 that held sensitive data onmillionsof European shoppers, including records from Amazon, PayPal, eBay, Shopify, and Stripe. Along with names, addresses, emails, and phone numbers, records included payment histories, order histories, invoice links, and partial credit card numbers.

There were also other kinds of data in the database. For example, an Amazon Marketplace Web Services (MWS) authentication token was in the mix, as well as an AWS access key ID and some MWS queries.

It appears that the database belonged to a company that was conducting a value-added tax (VAT) analysis. This company has not been identified by media reports. Not only was the core incident concerning, but it also showcased how much data can end up in the hands of third parties, often without the shopper’s knowledge.

December 2019: Cannabis Retail Software THSuite Exposes Data on Over 30,000 Customers

In January 2020, a research team at vpnMentor discovered that over 30,000 customers’ information had been exposed on THSuite, a software company that provides services to cannabis retailers. This data included transaction information as well as sensitive records including photos of drivers’ licenses. It was exposed due to an improperly configured Amazon S3 bucket.

July 2019: Capital One Breach Exposes Over 100 Million Customers

Capital One: an AWS customer: revealed in July 2019 that its server was hacked by a former Amazon employee. In total, over100 millioncustomers were impacted, exposing sensitive personal information like Social Security Numbers, bank account numbers, credit card transaction records, credit scores, and more.

The person behind the hack wasreportedlya woman who previously worked as an AWS systems engineer. Capital One blamed a “firewall misconfiguration” for the breach. Amazon denied any responsibility, stating that their systems weren’t at fault.

Still, the incident put an uncomfortable spotlight on AWS, and not all were convinced that the tech giant was free from all responsibility.

May 2019: Chtrbox Exposes 49 Million Instagram Records

In May 2019, an exposed database of personal information and account data was discovered belonging to the company Chtrbox, a third-party Instagram client. This data, which included email addresses and phone numbers, was left exposed due to an improperly configured AWS server.

You can read more in our full timeline of Instagram data breaches.

June 2017: Deep Root Analytics Breach Exposes Personal Data on 198 Million Voters

Deep Root Analytics: a data analytics firm that the Republican National Committee hired to gather information on American voters: left an S3 bucket containing records on approximately198 millionAmerican voters unsecured. Along with personal information like names, addresses, birth dates, and phone numbers, the server also held voter profiling data, such as party affiliation.

The information was on an Amazon server but was not password protected. It was left accessible to the public for around two weeks, though it isn’t clear whether the data was stolen by a malicious actor.

Amazon Web Services (AWS) Data Breaches: Full Timeline Through 2022 (2024)

FAQs

What are the top 3 biggest data breaches so far in 2022? ›

Top 10 Data Breaches So Far in 2022
  • Crypto.com Crypto Theft. The attack took place on January 17th and targeted nearly 500 people's cryptocurrency wallets. ...
  • Microsoft Data Breach. ...
  • 3. News Corp Server Breach. ...
  • Red Cross Data Breach. ...
  • Ronin Crypto Theft. ...
  • FlexBooker Data Breach. ...
  • GiveSendGo Political Data Breach. ...
  • Cash App Data Breach.
12 Oct 2022

Was there a data breach in 2022? ›

November 2022

Dropbox data breach: Dropbox has fallen victim to a phishing attack, with 130 Github repositories copied and API credentials stolen after credentials were unwittingly handed over to the threat actor via a fake CricleCI login page.

Is Amazon hacked 2022? ›

In June 2022, a former Amazon employee was convicted for her role in the 2019 Capital One breach. The hacker in question used her insider knowledge of to hack over 30 companies and illegally access the personal data of over 100 million people.

What is the largest data breach in history? ›

Data breached: 3 billion user accounts

According to data breach statistics, the largest data breach in history is the one that Yahoo! suffered for several years. Not only is it the biggest breach according to the number of affected users, but it also feels like the most massive one because of all the headlines.

What has been hacked in 2022? ›

Let's take a look at the largest data breaches of 2022:
  • Cyberattack on ICRC (Red Cross) January 2022 started off with a bang with headlines screaming “Breaking news: Red Cross Hacked!” circulating online. ...
  • Cash App Data Breach. Unlike the ICRC breach, the hacker in this case is known. ...
  • Lapsus$ Group's Extortion Rampage.

Which company holds the largest data breach till date? ›

Summary: Flagstar Bank suffered a data breach that affected over 1.5 million customers. Although the breach is believed to have occurred in December 2021, it wasn't discovered until June 2022. The hackers accessed sensitive customer data, including names, personal identifications, and social security numbers.

What websites get hacked the most? ›

WordPress websites are a top target for hackers because of their massive user base. BuiltWith tracks over 30 million websites live WordPress sites (data from March 2022).

Who has been hacked recently? ›

In June 2022, Michigan-based Flagstar Bank notified customers of a data breach in which hackers stole the social security numbers of 1.5 million customers. The attack itself occurred in early December 2021, and Flagstar discovered the breach in early June 2022.

Where can I find breached data? ›

Ways to find breached data
  • HAVE I BEEN PWNED. Have I Been Pwned is one of the most popular, oldest, and finest sites. ...
  • DEHASHED. ...
  • Dehashed provides multiple ways for searches that include: ...
  • Intelligence X. ...
  • It differs from others in many ways: ...
  • BREACH CHECKER. ...
  • HAVE I BEEN SOLD. ...
  • Sagar Tiwari.
17 May 2022

When was the last time AWS was hacked? ›

The most recent known Amazon Web Services (AWS) breach happened in May 2022, when a security firm identified over 6.5 terabytes of exposed information on servers belonging to Pegasus Airlines.

How safe is AWS? ›

AWS is PCI Level 1 Compliant, meaning that the underlying physical infrastructure has been audited and approved by an authorized independent Qualified Security Assessor. In fact, AWS was the first cloud platform to earn PCI DSS Level 1 compliance.

Is AWS hackable? ›

When bad people steal access to your computer, they have access to do all kinds of things. At the very least, they can easily discover any AWS access keys you've stored in the AWS credentials file. They may also be able to log key presses, including the password you enter into the AWS console. You don't want that.

Who is the No 1 hacker in world? ›

Kevin Mitnick

Who is the scariest in security breach? ›

Monty Golf

Although a newcomer, Montgomery Gator made a name for himself in Security Breach by becoming one of the most intimidating animatronics of the group. Between his deep growls and his near superspeed, it was clear that he was quite aggressive and out for blood.

Did Netflix have a data breach? ›

The most recent Netflix data breach happened in October 2021, when a Netflix employee leaked commercially sensitive company data in protest of Dave Chappelle's special, The Closer. Following the incident, the employee was terminated for violating company policies.

Who first hacked? ›

The first internet hacker

One of the first internet hackers, and certainly the first to gain mainstream media attention, was Robert Morris back in 1989. His was the first “Denial of service” attack in history and it was caused by a worm Morris had developed at Cornell University the year before.

What technology is the most often hacked? ›

Then you'd be surprised to know the most commonly device currently used by hackers to access homes and businesses are “internet-connected security cameras”.

What is the most secure data center in the world? ›

Construction of Bahnhof Data Center

The Bahnhof Data Center is a Hollywood-style Swedish data center situated in a former nuclear bunker, deep in the bedrock right beneath the city of Stockholm. It was constructed to be able to survive a blast by a hydrogen bomb.

Which industry suffers the most data breaches? ›

Healthcare & pharmaceuticals

In 2021, healthcare organizations experienced the most data breaches since 2009.

Who owns the largest data center in the world? ›

According to numerous publications, the world's largest data center is the China Telecom-Inner Mongolia Information Park. At a cost of $3 billion, it spans one million square meters (10,763,910 square feet) and consumes 150MW across six data halls.

Which browser is hardest to hack? ›

Tor is the most secure web browser available for online browsing. The Tor network web browsers encrypt and anonymize your data. Firefox web browsers provide security without sacrificing performance. Chromium: All of Google Chrome's best features without tracking or selling your data while browsing.

What is the most commonly hacked password? ›

In collaboration with independent cybersecurity researchers evaluating a four terabyte database, the company found 123456 was the mostly commonly used password in the world, with over 100 million instances of its use.

Where is the best hacker in the world? ›

Top 10 countries where security hackers come from & their types
​20132016​2019
1. China - Approx 41.4%1. China - 27.24%1. China
2. U.S.A. - 10%2. USA - 17.12%2. Brazil
​3. Turkey - 4.8%​3. Turkey - 10.24%​3. Russia
​4. Russia - 4.4%​4. Brazil - 8.6%​4. Poland
8 more rows
22 Jul 2021

What are the 2 possible signs that you have been hacked? ›

How to know if you've been hacked
  • You get a ransomware message.
  • You get a fake antivirus message.
  • You have unwanted browser toolbars.
  • Your internet searches are redirected.
  • You see frequent, random popups.
  • Your friends receive social media invitations from you that you didn't send.
  • Your online password isn't working.

Can you be hacked without knowing? ›

Phone hacking can compromise your identity and privacy without you even knowing. Fraudsters continuously evolve and improve hacking methods, making them increasingly harder to spot. This means the average user might be blind sighted by any number of cyberattacks.

How many accounts get hacked in a day? ›

There isn't concise data on how many people get hacked a year. However, considering there are around 2,200 cyberattacks per day, that could equate to more than 800,000 people being hacked per year.

What are the 3 types of personal data breach? ›

Personal data breaches can include:
  • access by an unauthorised third party;
  • deliberate or accidental action (or inaction) by a controller or processor;
  • sending personal data to an incorrect recipient;
  • computing devices containing personal data being lost or stolen;
  • alteration of personal data without permission; and.

Which country has the most data breaches? ›

The U.S.

Can I check if my data has been breached? ›

Go to annualcreditreport.com or call 1-877-322-8228 to get a free copy of your credit report. You can get one free copy of your report from each of the three credit bureaus once a year. Monitor your accounts regularly. Check every charge on your statements.

When did Amazon start breaking out AWS? ›

AWS rolled out its first mass-market product, Simple Storage Service, or S3, on March 14, 2006. To many at Amazon, that day marked the birth of AWS.

Why AWS is such a hit? ›

Scalable and Adaptable

In fact, AWS is great for building a business from the bottom as it provides all the tools necessary for companies to start up with the cloud. For existing companies, Amazon provides low-cost migration services so that your existing infrastructure can be seamlessly moved over to AWS.

Would Amazon have survived without AWS? ›

But without AWS's extra financial push, the company overall would have posted a $286 million operating loss, rather than a $575 million operating profit, and would have seen quarterly revenue of just $29.5 billion compared to actual revenue of $32.7 billion.

What can go wrong in AWS? ›

When developing or hosting using AWS, some of the most common and serious AWS security concerns include: Insufficient Permissions and Encryptions. Accidentally making Amazon Machine Images (AMIs) public. Identity and Access Management (IAM) given too much control/access, indirectly.

Is AWS good for cybersecurity? ›

The AWS Partner community has deep expertise in all phases of cybersecurity and can help make your data safer.

Do banks use AWS? ›

Banks choose AWS to help create richer experiences – from seamless digital onboarding to real-time transaction updates – across channels.

Does the FBI use AWS? ›

Similarly, the Federal Bureau of Investigation (FBI) has also made significant use of AWS for its investigative efforts. However, it should be noted that the DoD and FBI are not the only government agencies that have made significant use of AWS.

Who hacked AWS? ›

Paige Thompson, 36-year-old former tech worker, was convicted in the US District Court in Seattle of seven federal crimes connected to her scheme to hack into cloud computer data storage accounts and steal data and computer power for her own benefit.

Has Amazon been compromised? ›

14 million alleged Amazon and eBay account details sold online. An unknown user was offering the data of 14 million Amazon and eBay customers' accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries.

› crypto-keys-stolen-fr... ›

Security researchers have demonstrated in a lab setting an information-stealing attack against Amazon Web Services users. But Amazon says its customers “using...
This article answers the question Can AWS be Hacked? We look at high profile security breaches and give you simple tips to help secure your AWS account.
There's a common culprit behind those numerous security breaches responsible for leaking user data: an unsecured Amazon S3 bucket.

What are the biggest cybersecurity threats right now 2022? ›

Ransomware

Ransomware is considered to be one of the biggest cyber security threats in 2022 and poses a serious cyber threat to businesses of all sizes. Ransomware attacks work by infecting your network and locking down your data and computer systems until a ransom is paid to the hacker.

Who has been hacked recently? ›

In June 2022, Michigan-based Flagstar Bank notified customers of a data breach in which hackers stole the social security numbers of 1.5 million customers. The attack itself occurred in early December 2021, and Flagstar discovered the breach in early June 2022.

Has Facebook been hacked 2022? ›

Facebook data breach 2022: 42.6% of the malicious apps were photo editors. On Friday, the social media platform revealed the Facebook data breach 2022. It discovered over 400 fraudulent Android and iOS apps that target internet users to steal their login information this year.

Why are cyber attacks increasing 2022? ›

According to new research from Palo Alto Networks, employees falling for phishing lures were the suspected start of 37 per cent of successful attacks. Thirty-one per cent of attacks started by exploiting software vulnerabilities.

What are the top 5 major threats to cybersecurity? ›

Top 5 most common cyber threats to watch out for today
  1. Social engineering attacks (or phishing) ...
  2. Ransomware. ...
  3. Mobile security attacks. ...
  4. Remote working risks. ...
  5. Identity-based cloud security threats.
5 Jul 2022

What are the 3 major threats to cyber security today? ›

Types of Cybersecurity Threats
  • Viruses—a piece of code injects itself into an application. ...
  • Worms—malware that exploits software vulnerabilities and backdoors to gain access to an operating system. ...
  • Trojans—malicious code or software that poses as an innocent program, hiding in apps, games or email attachments.

Who is the No 1 Hacker of world? ›

Kevin Mitnick
Other namesThe Condor, The Darkside Hacker
OccupationInformation technology consultant Author
Organization(s)Mitnick Security Consulting Chief Hacking Officer at KnowBe4, Inc
Board member ofKnowBe4
7 more rows

Who is the number 1 best hacker? ›

1. Kevin Mitnick. Kevin Mitnick likely holds the title as the world's best hacker ever. Kevin Mitnick started hacking at an early age.

Who hacked first? ›

The first internet hacker

One of the first internet hackers, and certainly the first to gain mainstream media attention, was Robert Morris back in 1989. His was the first “Denial of service” attack in history and it was caused by a worm Morris had developed at Cornell University the year before.

Has Apple had a data breach? ›

September 2021: Israeli Spyware Compromises Apple Devices

In September 2021, researchers discovered that a spyware called Pegasus had infected iPhones and other Apple Devices via a 'zero click exploit', granting the spyware broad power over a users' device.

How many accounts get hacked in a day? ›

There isn't concise data on how many people get hacked a year. However, considering there are around 2,200 cyberattacks per day, that could equate to more than 800,000 people being hacked per year.

When was the first data breach? ›

What was the first data breach? 2005 is the year of the first data breach to compromise more than 1 million records (DSW Shoe Warehouse; March 2005; 1.4 million credit card numbers and names on those accounts).

What websites get hacked the most? ›

WordPress websites are a top target for hackers because of their massive user base. BuiltWith tracks over 30 million websites live WordPress sites (data from March 2022).

What are the 4 common causes of data breaches? ›

Here's a short list of major causes for data breaches:
  • Cause #1: Old, Unpatched Security Vulnerabilities. ...
  • Cause #2: Human Error. ...
  • Cause #3: Malware. ...
  • Cause #4: Insider Misuse. ...
  • Cause #5: Physical Theft of a Data-Carrying Device.

Where can I find breached data? ›

Ways to find breached data
  • HAVE I BEEN PWNED. Have I Been Pwned is one of the most popular, oldest, and finest sites. ...
  • DEHASHED. ...
  • Dehashed provides multiple ways for searches that include: ...
  • Intelligence X. ...
  • It differs from others in many ways: ...
  • BREACH CHECKER. ...
  • HAVE I BEEN SOLD. ...
  • Sagar Tiwari.
17 May 2022

› recent-big-company-data-breaches ›

The rate at which companies – large and small alike – are experiencing cybersecurity breaches is alarming. With recent high-profile attacks targeting healthcare...
This week we're looking at a data breach at clothing maker Guess, another at a dermatology company that may have affected 2.4 million people, and a new $10 ...
Security intelligence from around the world. Our daily alert provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity profe...

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Kareem Mueller DO

Last Updated:

Views: 6408

Rating: 4.6 / 5 (46 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Kareem Mueller DO

Birthday: 1997-01-04

Address: Apt. 156 12935 Runolfsdottir Mission, Greenfort, MN 74384-6749

Phone: +16704982844747

Job: Corporate Administration Planner

Hobby: Mountain biking, Jewelry making, Stone skipping, Lacemaking, Knife making, Scrapbooking, Letterboxing

Introduction: My name is Kareem Mueller DO, I am a vivacious, super, thoughtful, excited, handsome, beautiful, combative person who loves writing and wants to share my knowledge and understanding with you.