Board of Control for Cricket in India (BCCI) is the national governing body for cricket in India and it is responsible to organize various cricket related operation in India.
A researcher discovered two misconfigured S3 buckets where BCCI stored more than 12000 Indian applicants sensitive data.
This flaw leads to access the all personal information of Cricket Players data anywhere in the world.
According to Kromtech Researchers, Scanned documents such as player registration forms with IDs, voter and bank documents were stored on two misconfigured S3 buckets
Leaked Buckets carry a vast amount of Registration forms that contain personal information, including following sensitive data.
- name of the applicant, DOB
- place of birth
- permanent address
- mobile phone No. / landline No.
- emergency person’s contact number
- medical records,
- birth certificate No. / passport No./ SSC certificate No. / PAN card No. + scanned copies
Exposed information belongs to different categories of players, including those under 19 years old.
After this Data Leak mackeepersecurity Reported to local IG Maharashtra Cyber police and they informing BBCI and asking them to take necessary corrective action.
AWS bucket data exposed are occurring quite often and Beforehand reported S3 buckets leads to leaking 1.5 Billion Files Exposed on Internet from Misconfigured FTP, SMB.