Yeah. The level of incompetence is impressive. Full data and metadata for all customers all dumped together in one datastore, stored in the clear in AWS.
“The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers.”
…
"The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia."
…
"“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said. "
oh… mygod.
Yeah. The level of incompetence is impressive. Full data and metadata for all customers all dumped together in one datastore, stored in the clear in AWS.
“The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers.”
…
"The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia."
…
"“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said. "
"I’ll just put this together as proof of concept. I’ll look at security later.
Okay great, it works, now no need to ever touch it again."