S3 bucket discovered, but despite efforts company has not been reached.
A misconfigured Amazon S3 bucket exposed over 31,000 sensitive documents from a New Zealand-based property management company.
According to Cybernews, passports, driver’s licenses, and ID verification photos tied to tenants, landlords, and maintenance records from LPM Property Management were discovered by researcher Jake Dixon of Vadix Solutions.
Despite repeated attempts to reach the company, they went unanswered and it wasn’t until Amazon Web Services was contacted that the exposed data was secured, more than a month later. While AWS acted to close the breach, LPM has not responded to inquiries.
The leak may have left personally identifiable information vulnerable to identity theft, phishing, and dark web exploitation, with estimates valuing the cache at over $600,000.
According to CERT NZ’s Declan Ingram, such an exposure highlights the critical need for businesses to isolate sensitive systems, limit access, and adopt network segmentation practices.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
