A team from UpGuard discovered an unsecured AWS S3 bucket exposed to the Internet which contained about 3.2 Million records. The records were from a non-profit organization serving LA County named “211 LA County”. The records also had credentials of 211 system operators and email addresses of their contacts. There were more than 200,000 rows of detailed notes.

The notes held information such as abuser names, graphic descriptions of elder abuse, child abuse and suicidal distress, raising serious, large-scale privacy concerns. The bucket, which was located in the subdomain ‘LA County’, was found to be misfigured and anonymously accessible.

UpGuard later assured the public that the bucket was no longer accessible by everyone after they had informed LA County about it. But this incident throws light on all the big companies that store data online and that can they store such high risk information in unsafe places.