Out of Pocket: How an ISP Exposed Administrative System Credentials

Pocket iNet, a Washington-based internet service provider experienced a significant data leak, leaving 73GB of sensitive data exposed online. UpGuard’s Cyber Risk Team discovered customers lists, passwords and secure access codes were publicly accessible in a misconfigured Amazon S3 storage bucket. Although contacted promptly, it took the company seven days to secure the data. Among the compromised content were photos of Pocket iNet’s equipment and lists of priority customers.