Tens of thousands of Americans' critically sensitive data, such as social security numbers, bank account numbers, credit reports and more, were left freely exposed online by the National Credit Federation (NCF).
The Florida-based credit repair service inadvertently exposed over 100GB of customer data via an unsecured Amazon cloud storage server, leaving thousands of its customers potentially vulnerable to identity and financial theft, as well as cyberattacks.
The credit repair service's leaky S3 bucket was discovered on 3 October by UpGuard's director of cyber risk research Chris Vickery.
There have been numerous massive leaks caused by unsecured S3 buckets over the past year which have exposed incredibly large troves of data from various organisations.
Most recently, classified US Army and NSA data was also left exposed, thanks to an unsecured S3 bucket.
In the NCF leak, the exposed data included information such as customers' names, addresses, scans of social security cards (exposing the actual social security numbers), credit reports, full credit card and bank account numbers, and more.