Capita confirms it has now secured the bucket and data only contained 'release notes and user guides.'
Capita left a trove of data exposed online for seven years, exposing multiple files.
According to TechCrunch, a security researcher (requesting anonymity) discovered an unprotected Amazon-hosted storage bucket, which had been exposed to the internet since 2016, and contained approximately 3,000 files totaling 655GB in size.
The exposed data included software files, server images, numerous Excel spreadsheets, PowerPoint presentations and text files, according to a sample of filenames reviewed by TechCrunch.
One of the text files contained login details for one of Capita’s systems, the security researcher found, and some filenames suggested data was being uploaded to the exposed bucket this year.
There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the files.
The bucket has now been secured by Capita, and spokesperson Elizabeth Lee told TechCrunch that the unsecured bucket contained "information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
