nagwww/s3-leaks

s3-leaks

List of AWS S3 Leaks

Feel free to send in a PR if you know of other leaks

| Date | Description | Notes |
|---|---|---|
| April 2025 | Thoughts of AWS Access key ID's from an S3 bucket | The keys to the AWS kingdom |
| March 2025 | 16,000 subscribers to Nine newspapers from Australia | name, postal address and/or email address |
| Jan 2025 | North Dakota-based TV station Valley News Live had more than 1.8 million files | Over a million of the exposed files were applicants' resumes and CVs containing names, phone numbers, home and email addresses, birthdates, employment histories, educational backgrounds |
| Jan 2025 | WebWork - tracking remote workers' time and productivity and billing services | 13 million logs and screenshots |
| Dec 2024 | operation that scanned millions of websites, exploiting vulnerabilities in improperly configured public sites | |
| Nov 2023 | MTC is a governmental agency responsible for regional transportation planning and financing in the San Francisco Bay Area. | PDF files with Bay Area Rapid Transit (BART) carpool parking permits users' full names and home addresses |
| Oct 2023 | India’s national logistics portal exposed sensitive personal data, trade records | Exposed sensitive personal data and various state and private trade records. |
| Sep 2023 | WBSC, headquartered in Switzerland, was established in 2013 | Bucket storing nearly 48,000 files. Copies of 4,600 national passports. |
| Sep 2023 | PricewaterhouseCoopers' (PwC) Nigeria confidential data was stolen | The 24,668 exposed files include: copies of passports/government-issued IDs; resumes with phone numbers, home and email addresses, and other private information; copies of degree/university certificates |
| August 2023 | MPD FM, a facility management and security company providing services to various UK government departments | Passports / VISAs / National IDs / Driving licenses / Birth certificates / Vetting reports / Right-to-work checks / Job contracts / Proof of address / Bank statements |
| May 2023 | London-based outsourcing giant Capita | exposed to the internet since 2016, contained approximately 3,000 files totaling 655GB in size |
| Jan 2023 | Pegasus Airlines Leaked 6.5TB of Data in AWS S3 Bucket Mess Up | Airlines Leaked 6.5TB |
| Aug 2022 | Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake' | That is sure a lot of data on S3 |
| July 2022 | McGraw Hill's S3 buckets exposed 100,000 students' grades and personal info | 22 TB of data and over 117 million files |
| Aug 2020 | S3 bucket mess up exposed 182GB of senior US, Canada citizens data | The misconfigured S3 bucket was owned by SeniorAdvisor, a consumer ratings and reviews website. |
| July 2020 | Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK | Attackers tried to update the JavaScript library hosted on the S3 buckets so that it would be picked up by other clients |
| Jan 2020 | "Exposed AWS buckets again implicated in multiple data leaks" | Passport scans, tax documents, background checks, job applications, expense claims, contracts, emails and salary details relating to thousands of consultants working in the UK were exposed. |
| June 2020 | "7.2 million records were exposed, but not from the BHIM app" | |
| Oct 2018 | Misconfigured database breaches thousands of MedCall Advisors patient files | names, email and postal addresses, phone numbers, dates of birth and Social Security numbers. Other files had recordings of patient evaluations and conversations with doctors, along with medications, allergies and other detailed personal health data. |
| Jun 2019 | AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank | Attunity, an Israeli IT firm that provides data management, warehousing, and replication services for the world's biggest companies, has exposed some of its customers' data after it left three Amazon S3 buckets exposed on the internet without a password. |
| May 2019 | How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups | |
| Mar 2018 | Medical Records and Patient-Doctor Recordings Were Exposed | information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured |
| Mar 2018 | Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users | addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords |
| Feb 2018 | S3 bucket open to world: Octoly | real names, addresses, phone numbers, email addresses |
| Jan 22 | Sensitive medical records on AWS bucket found to be publicly accessible | |
| Dec 2017 | Alteryx leaves S3 bucket open for anonymous users: 120m American households exposed | Home addresses, contact information, mortgage status, financial histories |
| Nov 2017 | 111 GB of internal customer information from National Credit Federation, a Tampa, Florida-based credit repair service | SSN, driver's license, credit reports |
| Nov 2017 | Uber: the hack happened a couple of months back and was brought to light in Nov 2017 | personal information of 57 million Uber users and driver's license numbers |
| Nov 2017 | NSA leak exposes Red Disk, the Army's failed intelligence system | 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk." |
| Nov 2017 | Australia data leak: Nearly 50,000 government and private staffers’ sensitive data publicly exposed | S3 bucket left open by a contractor |
| Oct 2017 | How A Cloud Leak Exposed Accenture's Business | |
| Oct 2017 | Patient Home Monitoring Service Leaks Private Medical Data Online | publicly accessible Amazon S3 47.5 GB / 316,363 |
| Sep 2017 | Viacom: Open S3 bucket with AWS Keys, passwords, other sensitive info | S3 bucket open to the world |
| Sep 2017 | Leaky S3 bucket sloshes deets of thousands with US security clearance | Bucket open to the world in the test account |
| Sep 2017 | Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak | |
| August 2017 | Indian Creditseva Data Breach | |
| August 2017 | Open AWS S3 bucket leaked hotel booking service data | |
| July 2017 | S3 bucket was set to authenticate all AWS users, not just Dow Jones users | |
| July 2017 | Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More | |
| July 2017 | Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet | |
| June 2017 | Personal information belonging to more than 198 million registered U.S. voters was exposed | |
| May 2017 | Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password | |
| May 2017 | Security company finds unsecured bucket of US military images on AWS | |
| April 2017 | A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed | |
| Feb 2017 | CHILDREN’S VOICE MESSAGES LEAKED IN CLOUDPETS DATABASE BREACH | |
| Jan 2017 | Paytm S3 bucket misconfiguration allowing PUT operations | |
| March 2013 | Thousands of Amazon S3 buckets left open exposing private data | |

ElasticSearch

| Date | Description | Notes |
|---|---|---|
| Sep 2017 | AWS hosted elastic search servers hijacked | |

AWS IAM Static credentials

Public Incidents Involving Exposed AWS IAM Static Keys or AWS Credentials

| # | Organization / Date | Root Cause / Credential Exposure | Impact & Details | Relevance to Static Keys / S3 Usage |
|---|---|---|---|---|
| 1 | Large-scale AWS Keys Database & Ransomware Campaign (2025) | Public server exposed >158M AWS secret key records; 1,229 active keys used to encrypt S3 buckets and demand ransom. | Attackers encrypted S3 data using SSE-C without owner awareness. | Demonstrates that static keys become commodities → direct ransomware targeting S3. |
| 4 | Large Leak of Environment Variables (2024) | Palo Alto Networks study: >90,000 leaked .env files; 1,185 contained AWS access keys. | Keys leaked from repos, CI/CD logs, misconfigured files. | Reinforces that static/long-lived keys end up everywhere → high-risk credentials. |
| 5 | Developer Canary Token Test (2024) | Researcher placed a fake AWS key on GitHub; it was used within minutes (days when placed only on a website). | Demonstrated active scanning for AWS keys in public code. | Proves exposure-to-compromise window is minutes → rapid detection & rotation required. |
| 6 | AWS Engineer Leak (Jan 2020) | Public GitHub repo by an AWS engineer contained system credentials including AWS key-pairs (one named rootkey.csv). | Repo discovered within ~30 minutes; AWS remediated same day. | Even cloud vendors have human error → continuous scanning is essential. |
| 7 | Generic Code-Repo Exposures (2019–2020) | Multiple cases of AWS keys committed to GitHub/VCS; Medium posts highlight accidental leaks & attacker automation. | Often unnoticed but cumulatively large attack surface. | Emphasizes importance of scanning for AKIA..., reviewing last-used dates, disabling stale keys. |
| 8 | Honey-Bucket S3 Recon Research (2023) | Researchers deployed honey-buckets showing automated scans/downloads/deletes as soon as credentials or endpoints surfaced. | Showed constant automated reconnaissance in the wild. | Demonstrates that once keys or endpoints leak, S3 becomes an immediate target. |
| 9 | www.codespaces.com (17th of June 2014) | The attacker gained access to one of Code Spaces’ AWS IAM access keys. The exact method has never been 100% confirmed publicly, but all evidence points to a compromised AWS access key as the likely vector. This key allowed the attacker to log into the AWS console. | The company was shut down. | Yes, one single AWS key can take a company down. |
