[BreachExchange] Logistics giant D.W. Morgan exposed 100 GB worth of clients’ data

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Dec 28 09:12:06 EST 2021


https://www.hackread.com/logistics-giant-d-w-morgan-exposed-clients-data/

The clients affected by the incident involving a misconfigured Amazon S3
bucket include Global 500 company Ericsson and Fortune 500 company Cisco.

IT security researchers at Website Planet Security Team discovered a
misconfigured Amazon S3 bucket that was owned by D.W. Morgan, a supply
chain management and logistics giant D.W. Morgan. The company is
headquartered in Pleasanton, California with global operations.

According to researchers, the database contained more than 100 GB worth of
data with 2.5 million files detailing financial, shipment, transportation,
personal and sensitive records belonging to D.W. Morgan’s employees and
clients worldwide. These included Global 500 company Ericsson and Fortune
500 company Cisco.

Although, the database was discovered on November 12th, 2021 the details of
it were only shared by Website Planet last week.

About exposed data
What’s worse is that the bucket remained exposed to the public without any
security authentication or password meaning anyone with knowledge of how
AWS buckets function could have accessed the data.

Full list of what type of data was exposed during misconfiguration:

Signatures
Full names
Attachments
Phone numbers
Goods ordered
Cargo damages
Process photos
Process details
Billing addresses
Dates of invoices
Shipping barcodes
Unknown documents
Delivery addresses
Facility locations
Photos of shipments
Prices paid for goods
Photos of package labels
Images of on-site documents
Transportation plans & agreements.

Example screenshot
The screenshot below is one of the examples of what type of data was
exposed. The first screenshot shows various locations of companies, while
the second screenshot shows the Cisco invoice of $350,000 to D.W. Morgan.

Good news and bad news
The good news is that D.W. Morgan secured the database within four days of
the initial alert sent by Website Planet. However, it is unclear whether
the database was accessed by malicious threat actors during the period of
exposure.

Nevertheless, if you are one of D.W. Morgan’s employees or clients, you
should be on alert. One can also expect a sudden rise in phishing scams,
spam attacks, or malicious emails loaded with malware.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211228/d3191cc3/attachment.html>


More information about the BreachExchange mailing list