A company that lets users get copies of their birth and death certificates exposed more than 752,000 application documents it had stored in an Amazon Web Services cloud bucket.
U.K.-based cybersecurity consultancy Fidus Information Security found the cache of birth certificate applications, which the unnamed company did not protect with a password, TechCrunch reported. That means anyone who could guess the web address could download the applications, which included user personal information.
Both TechCrunch and Fidus reached out to the company, but they only received automated answers, according to the report. TechCrunch reported that Amazon declined to intervene in the matter but said it would inform the customer.
We’ve reached out to Amazon for further comment, and we will update this post if we hear back.
The situation raises questions about the responsibility of cloud providers for how customers manage data stored on their servers. Just last month, Amazon was hit with multiple lawsuits, alleging AWS illegally stored biometric information obtained by its customers.