Updated on 2022-11-21: Infosys leaked AWS keys for a year until researcher steps in
Infosys, one of the biggest IT and consulting giants on the planet, exposed its own IAM keys for Amazon’s AWS on GitHub for more than a year. Forbes said the keys, which had “full admin access,” allowed access to an S3 bucket storing what appeared to be very sensitive data. But without an easy or obvious way to inform Infosys of the still-exposed and still-active key, Forbes revoked it there and then. In remarks: “One of the golden rules is to not touch anything you find: just document and report. Except in this case the key had been public for over a year, there seemed to be sensitive data there and the key also appeared to be a non-critical user key rather than a key for a system… I opted to close the door.” Read more: Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
Overview: Infosys leak
Cybersecurity firm Infosys has leaked a FullAdminAccess AWS keys on PyPi for over a year, according to Tom Forbes, a Python developer from the UK. Read more: Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
