Thousands of FedEx customers’ private info exposed in legacy server data breach
Thousands of FedEx customers have had their private information exposed after one of the courier’s legacy servers was left open without a password.
Uncovered by Kromtech Security Center, the parent company of MacKeeper Security, the breach exposed data such as passport information, driver’s licenses and other high-profile security IDs, all of which were hosted on a password-less Amazon S3 storage server.
However, according to the security researchers at Kromtech, the server was later secured after the team made contact with FedEx.
This apparently happened because FedEx did not secure the data stored on the Amazon S3 virtual server, which was originally owned by Bongo, a company FedEx bought in 2014 and rebranded as FedEx Crossborder (which was actually shut down last year).
As a result, the exposed data wasn’t super recent, and instead included records from 2009 – 2012. However, as many people’s state-issued IDs last for 10 to 20 years, much of the leaked data is probably still very sensitive.