Indian Cricket Board Exposes Personal Data thanks to Amazon Web Service S3

Share this…

Information security experts at the Kromtech Security Center found personal and confidential data belonging to between 15,000 and 20,000 Indian participants from the 2015-2018 cricket seasons.

The authority that should protect this data was The Board of Control for Cricket in India (BCCI), but it was available to the public in two misconfigured S3 cloud storage containers from Amazon Web Service, as we have seen in other cases.

criket

As per Kromtech’s research, the data were divided into several categories of players, including a category of participants less than 19 years of age. The data was available to anyone with an Internet connection and basic knowledge about the use of AWS cloud storage.

The data found at the beginning of the month includes; names, date of birth, place of birth, physical addresses, e-mail ID, physical condition details, medical records, birth certificate number, passport number, SSC certificate number, PAN card number, mobile phone number , landline number and contact phone number in case of emergency.

criket 1

Information security experts gave notice to the BCCI and misconfigured segments were insured. As we mentioned, this is not the first time confidential information is leaked. In 2017, the Center for Internet and Society (CIS) in Bangalore found that the relevant data of millions of Indian citizens could be found with a simple Google search.

We also know that lately, AWS segments have been targeted for bad reasons. As of today, we have heard of a large number of cases in which misconfigured AWS containers containing highly confidential data have been found, such as classified documents of the NSA or details of the espionage campaign of the military’s social networks US. Therefore, if you are an AWS user, make sure that your cloud server is protected.