Login

Register

Login

Register

Exchange rate service’s customer details hacked via AWS – Naked Security


Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database, according to a notification letter published on Twitter this week.

Open Exchange Rates provides foreign exchange data for over 200 currencies worldwide, including digital ones. Software developers can access it using an application programming interface (API). It lets software applications query the Open Exchange Rates service, which delivers their results back in a machine- and human-readable format, JSON.

The company runs its service in the Amazon Web Services (AWS) cloud. Unfortunately, this was the focus of a breach that started on 9 February 2020, the company said in a notification that it sent to customers on 12 March. Linux and open source engineer Sylvia van Os tweeted the notification:

This incident is different from many of the AWS-based exposures we report here because it wasn’t due to a public database or S3 bucket exposure. In those incidents, organisations publish information on the web for all to see, usually through database or cloud misconfiguration. Instead, this appears to have been a targeted attack.

Open Exchange Rates explained that it started getting complaints about its API performance on 2 March, which it tracked to a misconfiguration in its network. When fixing the issue, it found that an unauthorised account had been tampering with its AWS environment. According to the letter, they used a compromised secure access key.

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW