Skip to Content

Infosys leaked AWS keys for a year until researcher steps in

Updated on 2022-11-21: Infosys leaked AWS keys for a year until researcher steps in

Infosys, one of the biggest IT and consulting giants on the planet, exposed its own IAM keys for Amazon’s AWS on GitHub for more than a year. Forbes said the keys, which had “full admin access,” allowed access to an S3 bucket storing what appeared to be very sensitive data. But without an easy or obvious way to inform Infosys of the still-exposed and still-active key, Forbes revoked it there and then. In remarks: “One of the golden rules is to not touch anything you find: just document and report. Except in this case the key had been public for over a year, there seemed to be sensitive data there and the key also appeared to be a non-critical user key rather than a key for a system… I opted to close the door.” Read more: Infosys leaked FullAdminAccess AWS keys on PyPi for over a year

Infosys leaked AWS keys for a year until researcher steps in

Overview: Infosys leak

Cybersecurity firm Infosys has leaked a FullAdminAccess AWS keys on PyPi for over a year, according to Tom Forbes, a Python developer from the UK. Read more: Infosys leaked FullAdminAccess AWS keys on PyPi for over a year

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.