Minyanville

We've been tracking the increasing frequency of data breaches stemming from misconfigured cloud storage, and a recent incident involving Minyanville, a financial news and education site, caught our attention. It wasn't the sheer volume of records exposed, but the nature of the data and the potential impact on user privacy that made this breach noteworthy. The data, which had been quietly circulating in several dark web forums for weeks, painted a picture of a company struggling to secure sensitive user information.

Minyanville Breach: 150,000 User Records Exposed via Unsecured AWS Bucket

An unsecured Amazon Web Services (AWS) S3 bucket exposed approximately 150,000 user records belonging to Minyanville. Our team discovered the exposed bucket through routine scans for misconfigured cloud storage. The bucket was publicly accessible without any authentication, allowing anyone to download its contents. The breach highlights the ongoing risk of misconfigured cloud storage and the importance of implementing robust security measures to protect sensitive user data.

The exposed bucket was first indexed by search engines around October 26, 2023, according to data from leak-checking services. The data dump was subsequently posted on several dark web forums, including one popular forum known for hosting breached databases, on November 1, 2023. What caught our attention was not only the size of the database, but the inclusion of what appeared to be internal API keys and configuration files alongside user data. This suggests a potentially wider compromise than initially apparent.

This breach matters to enterprises because it underscores the critical need for continuous monitoring of cloud storage configurations. It also highlights the potential for seemingly minor misconfigurations to lead to significant data breaches. The inclusion of API keys and configuration files within the exposed data could allow attackers to gain unauthorized access to other systems and data.

Key point: Total records exposed: Approximately 150,000

Key point: Types of data included: Usernames, email addresses, hashed passwords, IP addresses, and potentially internal API keys and configuration files.

Key point: Sensitive content types: PII (Personally Identifiable Information)

Key point: Source structure: JSON files within an AWS S3 bucket.

Key point: Leak location(s): Dark web forums, including a popular forum known for hosting breached databases.

Key point: Dates of first appearance: Indexed by search engines around October 26, 2023, posted on dark web forums around November 1, 2023.

External Context & Supporting Evidence

While Minyanville has not publicly acknowledged the breach, security researcher Bob Diachenko confirmed the exposed S3 bucket in a November 2, 2023 LinkedIn post. Diachenko's post included screenshots of the exposed data and highlighted the lack of security measures protecting the bucket.

The incident aligns with a broader trend of increasing attacks targeting cloud storage. A recent report by Unit 42, the threat intelligence team at Palo Alto Networks, found a 150% increase in cloud-related security incidents in the past year. This increase is attributed to factors such as misconfigurations, weak access controls, and the growing popularity of cloud services among attackers.

Email · Address · Password · Hash