The exposed data impacted airports in Colombia, Peru, and probably other countries “or even the rest of the world.”
A Sweden-based multinational security and investigation service provider has been found exposing sensitive data of employees at several different airports across Latin America.
The company in discussion is Securitas AB, which according to researchers at SafetyDetectives exposed a whopping 3 terabytes of data containing over 1.5 million files, thanks to one of its misconfigured Amazon S3 buckets.
What’s worse is that the database was left exposed to public access without any password or security authentication meaning anyone with knowledge of how to find misconfigured databases could have accessed the data.
However, due to the humongous size of the database, it was physically impossible to scan all of it. Nevertheless, their analysis revealed that the exposed data included sensitive company records and personal information of airport employees in Colombia, Peru, and probably other countries “or even the rest of the world,” researchers emphasized.
The list of impacted airports revealed by SafetyDetectives includes Aeropuerto Internacional Jorge Chávez (Lima, PE), El Dorado International Airport (Bogota D.C, COL), Alfonso Bonilla Aragón International Airport (Valle del Cauca, COL) and José María Córdova International Airport (Antioquia, COL).
What data was leaked?
Due to the humongous size of the database, it was physically impossible to scan all of it. However, their analysis revealed that the exposed data included sensitive company records and personal information of airport employees in Colombia, Peru, and probably other countries “or even the rest of the world,” researchers emphasized.
According to a blog post published by SafetyDetectives, they identified two datasets that contained records on airport and Securitas employees. These included photos of ID cards and unmarked photos. The ID card photo displayed PII information of employees such as:
- Full names
- National ID Number
- Employee photos on the ID card.
The second set of unmarked photos contained the most sensitive data belonging to airports, employees, and associated companies such as the following:
- Photos of planes
- Photos of employees
- Photos of employees loading and unloading luggage.
In addition to the information mentioned above, the two primary datasets analyzed on the bucket (photos of ID cards and other unmarked photos) contained Exchangeable Image File Format (EXIF) data that exposed specific information related to each photo. Exposed EXIF data included Device models (of the cameras used), GPS locations of photos, incl. coordinates and GPS maps and Time & date of photos.
Although SafetyDetectives identified the exposed AWS bucket on October 28th, 2021, the details of it were only shared this week. The good news is that Securitas secured the database on November 2nd, 2021.
It is yet unclear whether the database was accessed by a third party with malicious intent such as ransomware gangs or terrorists. But in case it did, it would be devastating for the company, employees, and impacted airports.
It may also lead to a massive security mishap based on the fact that the exposed data had photos of planes which is something that is not available in the public domain.
Additionally, threat actors can use the exposed data for identity theft to make fake IDs based on legitimate employee information and access sensitive areas at an airport. Hence, possibilities are endless.
Airport security protects the lives of travelers and airport staff. As such, this breach is extremely dangerous with potentially devastating consequences should the bucket’s content end up in the wrong hands. Both within Colombia and around the world, there are guerrillas and terrorist organizations that could cause a huge amount of damage if they accessed Securitas’ bucket. For this reason, security infiltration is the number one risk associated with Securitas’ clients and associated companies.