The most recent Cybernews analysis group investigation revealed that members in PricewaterhouseCoopers (PwC) Nigeria Tech Expertise Bootcamp are susceptible to identification theft after personal knowledge was leaked from a misconfigured Amazon Net Providers account.
On July twenty first, the Cybernews analysis group performed a routine verify utilizing open-source intelligence (OSINT) strategies and revealed a misconfigured Amazon AWS bucket.
In response to the Cybernews group, the bucket containing almost 25,000 delicate PwC Nigeria recordsdata has been attributed to a third-party vendor, Xerde Tech.
The 24,668 uncovered recordsdata embody:
-
Copies of passports/government-issued IDs
-
Resumes with cellphone numbers, dwelling and e mail addresses, and different personal data
-
Copies of diploma/college certificates
PwC was additionally among the many victims of the MOVEit assault earlier this 12 months. The Cl0p ransom gang launched knowledge belonging to the corporate in 11 batches on the darkish net and 4 on the publicly accessible clear net.
“This leak is a big danger to uncovered people, because the personal data could possibly be used for identification theft, monetary fraud, spear-phishing, and rip-off campaigns. In an surroundings the place the info is well bought on the darkish net, and unhealthy actors focus on extortion strategies, customers ought to train additional warning,” Cybernews researchers mentioned.
Cybernews reached out to PwC Nigeria, and the corporate resolved the problem, although it had not commented on the time of writing.
