ADVERTISEMENT

Misconfigured WBSC server leaks thousands of passports

The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered.

WBSC

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Sep 28, 2023 Updated: 15 November 2023 2 min read
“Since passports contain a significant amount of personal information, including full names, date of birth, and a unique passport number, cyber criminals could use them to impersonate victims and steal their identities.”
the team said.

What are the risks of exposing passport data?

ADVERTISEMENT

What should the WBSC do?

  • Retrospectively examine the access logs to determine whether third parties have accessed data in the bucket
  • If the bucket has been breached, alert the Data Protection Authorities
  • Change the bucket’s access settings and secure sensitive data using AWS’ server-side encryption, such as KMS or AWS s3-managed keys
  • Consider implementing best security practices such as regular audits, automated security checks, and employee training
ADVERTISEMENT