Updated on 2022-11-21: Infosys leaked AWS keys for a year until researcher steps in
Infosys, one of the biggest IT and consulting giants on the planet, exposed its own AWS IAM keys on GitHub for more than a year. Researcher Tom Forbes said the keys, which had “full admin access,” allowed access to an S3 bucket storing what appeared to be very sensitive data. Without an easy or obvious way to inform Infosys of the still-exposed and still-active key, Forbes revoked it there and then. In his remarks, he said: “One of the golden rules is to not touch anything you find: just document and report. Except in this case the key had been public for over a year, there seemed to be sensitive data there and the key also appeared to be a non-critical user key rather than a key for a system… I opted to close the door.” Read more: Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
Overview: Infosys leak
Cybersecurity firm Infosys leaked FullAdminAccess AWS keys on PyPI for over a year, according to Tom Forbes, a Python developer from the UK.