The latest Cybernews research team investigation revealed that participants in PricewaterhouseCoopers (PwC) Nigeria Tech Talent Bootcamp are at risk of identity theft after private data was leaked from a misconfigured Amazon Web Services account.
On July 21st, the Cybernews research team conducted a routine check using open-source intelligence (OSINT) methods and revealed a misconfigured Amazon AWS bucket.
According to the Cybernews team, the bucket containing nearly 25,000 sensitive PwC Nigeria files has been attributed to a third-party vendor, Xerde Tech.
The 24,668 exposed files include:
-
Copies of passports/government-issued IDs
-
Resumes with phone numbers, home and email addresses, and other private information
-
Copies of degree/university certificates
PwC was also among the victims of the MOVEit attack earlier this year. The Cl0p ransom gang released data belonging to the company in 11 batches on the dark web and four on the publicly accessible clear web.
“This leak is a significant risk to exposed individuals, as the private information could be used for identity theft, financial fraud, spear-phishing, and scam campaigns. In an environment where the data is easily sold on the dark web, and bad actors specialize in extortion techniques, users should exercise extra caution,” Cybernews researchers said.
Cybernews reached out to PwC Nigeria, and the company resolved the issue, though it had not commented at the time of writing.
