Printing company exposes 343GB of sensitive military data

The leak is the latest in a series of data blunders discovered by vpnMentor's web-mapping project

UK Printing company Doxzoo inadvertently exposed 343GB of data through a misconfigured Amazon Web Services (AWS) S3 bucket, including sensitive information said to relate to branches of the UK and US military.

Potentially more than 100,000 users were affected by the data leak, with approximately 270,000 records exposed including personal information and payment information, as well as order details, passport information, and the contents of printing orders.

Among the exposed data was the copyrighted and sensitive work of Doxzoo clients, who spanned from military personnel to screenwriters. Researchers with vpnMentor, led by Noam Rotem and Ran Locar, found a wide range of information including university course material, screenplays, and internal military documents, some of which contained classified information.

“The items contained this leak often hold private and/or confidential information within,” said vpnMentor’s research team. 

“The promise of secure facilities and systems are key selling points for clients such as the military, and the breach of that guarantee is not only a failure in service, but also potentially holds a security risk along with it.”

The security firm has been finding pockets of exposed information for many months as part of a wider web-mapping project, and have recently detailed finding several alarming troves of exposed data.

These findings include a database of 604GB of text messages run by US-based communications firm TrueDialog, as well as sensitive information from British consultancy firms and consultants such as passport scans and financial documents.

The firm previously discovered exposed US military data in October 2019 due to a flaw in a reservations management system owned by the Best Western hotel chain. Personnel working for the US Department for Homeland Security (DHS) and the military was seen by researchers from vpnMentor, including travel arrangements both past and future.

Related Resource

How enterprises are embracing cyber security challenges

Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation

Download now

The countries affected include not just the US and the UK, but clients in Sri Lanka, Nigeria and India, according to researchers. The UK-based printing company has a number of high profile clients and projects, including full-length books and sought-after paid wellness plans.

Doxzoo could have avoided this leak if they had taken basic security measures to protect the S3 bucket, vpnMentor said, including securing their servers, implementing proper access rules, and preventing system that don't need authentication from being accessed by the public through the internet.

The firm first discovered the exposed database on 22 January, before notifying the company four days later. Because Doxzoo didn’t respond to vpnMentor’s communication attempts, Amazon was notified on 5 February, and the bucket was finally closed on 11 February.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Millions of Volkswagen customers affected by data breach
data breaches

Millions of Volkswagen customers affected by data breach

14 Jun 2021
Misconfigured cloud services exposed 100 million Android users' data
data breaches

Misconfigured cloud services exposed 100 million Android users' data

21 May 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021