Unsecured Server Exposed Thousands of Fedex Customer Records

February 15, 2018

FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password.

The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet. The data, hosted on a password-less Amazon S3 storage server, was secured Tuesday after efforts were made to contact FedEx.

Among the exposed files, ZDNet confirmed drivers' licenses, national ID cards, and work ID cards, voting cards, and utility bills. We also found resumes, vehicle registration forms, medical insurance cards, firearms licences, a few US military identification cards, and even a handful of credit cards that customers used to verify their identity with the FedEx division.

One identity card, when we checked, revealed the details of a senior official at the Netherlands' Ministry of Defense.

http://www.zdnet.com/article/unsecured-server-exposes-fedex-customer-records/

FAS Data Security Compliance Program

Unsecured Server Exposed Thousands of Fedex Customer Records

News

H-ISAC TIC Vulnerability Bulletin

Flaw in popular PDF creation library enabled remote code execution

Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up

Global DNS Hijacking Campaign: DNS Record Manipulation at Scale

FAS Data Security Compliance Program

Search form

You are here

Unsecured Server Exposed Thousands of Fedex Customer Records

News

H-ISAC TIC Vulnerability Bulletin

Flaw in popular PDF creation library enabled remote code execution

Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up

Global DNS Hijacking Campaign: DNS Record Manipulation at Scale