Navy Federal Credit Union Backup Exposed Online www.databreachtoday.com/navy-fede…

Navy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, found cybersecurity researcher Jeremiah Fowler.

Fowler discovered an unencrypted and publicly accessible Amazon S3 bucket containing 378 gigabytes of internal backup files in May that contained 14 files in .gz, .sql and .twbx formats. The files belonged to Navy Federal Credit Union, which serves U.S. military members, veterans and their families.

The exposed backup included user names, email addresses, hashed passwords, keys and what appeared to be internal system data such as business logic, codes, optimization processes and financial performance metrics. Fowler said he did not see any member data in plain text. The internal records could provide attackers with a roadmap for phishing or social engineering attempts, or insights into the credit union’s network and operations.