Ghana’s National Service Secretariate – NSS – exposed 55GB worth of citizens’ data when an AWS S3 bucket used by the Secretariate suffered misconfiguration.
Researchers believe this breach poses a great risk for the Ghanian government officials associated with the agency and thousands of its citizens. The exposed database was discovered on 29 September 2021, and NSS and CERT-GH were notified between 6th and 12th October 2021.
“While the NSS had password-protected many documents stored on the S3 bucket, the bucket itself was left completely open, leaving the contents totally exposed and easily accessible to anyone with a web browser and technical skills,” VPNMentor’s report read.
