Awesome Open Source
Awesome Open Source

YAS3BL (Yet Another S3 Bucket Leak)

Enumerating all the AWS S3 bucket leaks that have been discovered to date.

Company Link Records Exposed Data

211 LA County

3.2 million Files include access credentials for 211 system operators, email addresses for contacts and registered resources of LA County 211, and detailed call notes, including full names, phone numbers, addresses, and even 33,000 instances of full Social Security numbers.


137+ GB 4 S3 buckets exposing secret API data, authentication credentials, 40,000 plaintext passwords, credentials for GCP and Azure accounts, SSL certificates, private decryption keys, production VPN keys for internal/private networks, database dumps, user IP addresses, JSESSION IDs.


Names, addresses, dates of birth, phone numbers, income ranges, social security numbers (SSNs), driver licenses, armed forces and voter identification cards, bank checks, insurance policy documents, health and medical information (e.g. prescriptions and dosages), and some financial data. Insurance companies found in the data included Cigna, TransAmerica, SafeCo, Schneider Insurance, Manhattan Life, Everest - to name a few.

Alliance Direct Lending Corporation

1 million Names, addresses, credit scores and partial Social Security numbers


123 million Data sets belonging to Experian and US Census Bureau, containing personal details of 198 million American voters and 123 million American household PII data such as home addresses, contact information, morgage ownership, financial histories, and purchasing behaviors.

Australian Broadcasting Company

50,000 Personal data of Australian employees of several government agencies, banks, and a utility company, including full names, passwords, IDs, phone numbers, email addresses, credit card numbers, salaries and expenses.

Booz Allen Hamilton

Undisclosed Top Secret data from DoD, Pentagon, and National Geospatial Intelligence Agency (NGA), SSH keys, credentials granting access to data center Operating System

DeepRoot Analytics

200 million 1.1 Terabytes worth of data on registered voters

Department of Defense

1.8 billion Three (3) S3 buckets containing 1.8 billion posts of scraped internet content over the last 8 years.

Dow Jones

2.2 - 4 million Names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications


1.8 million Chicago voter names, addresses, date-of-births, partial SSNs, Driver Licenses, and state ID numbers


119,000 Scanned documents of US and international citizens, such as passports, driver licenses, security IDs, home addresses, phone numbers, zip codes


38,000 Credit Card numbers, expiration dates, CVV codes


50,000 Names, phone numbers and email addresses for users and their trusted contacts, passwords, gender, information about their cars including VIN, Connect IDs.

MBM Company Inc.

1.3 million Names, addresses, zip codes, phone numbers, email addresses, ip addresses, plaintext passwords

Mexico's Electoral Authority (INE)

93.4 million Mexican voter registration data

National Credit Federation

111 GB Internal personal and financial data of tens of thousands of customers.


47 files Highly sensitive INSCOM data. Some data was 'NOFORN' classified, indicating high sensitivity that cannot be shared with foreign allies


12,000 A database backup, called octoly_production.sql, exposed real names, addresses, phone numbers, email addresses, birth dates of thousands of influential online personalities (Instagram, Twitter, and YouTube personalities), like Dior, Lancome, and Blizzard Entertainment

Patient Home Monitoring

316,363 47.5 GB PDF medical records containing weekly blood test results, patient names, addresses, and phone numbers. Development server backups. Doctor's names, case management notes, and additional client information.

SVR Tracking

540,642 Tracking unit information including usernames, passwords, emails, Vehicle Identification Numbers, license plate numbers, IMEI numbers of GPS devices, specific location where the tracking units were hidden, information on customers and 427 dealerships, 116 GB of hourly backups, 8.5 GB of daily backups from 2017, and 339 log documents


9,402 Resumes of Top Secret US military veterans names, addresses, phones, emails, Driver License numbers, passport numbers, partial SSNs

Time Warner/BroadSoft

4 million 600 GB worth of data including usernames, emails addresses, MAC addresses, device serial numbers, and financial transaction information


14 million Verizon customer names, addresses, account details, and Personal Identification Numbers (PIN)


100 MB Data from internal Verizon Wireless system (DVS), 129 Outlook messages, logs, server names & info, admin usernames & passwords


72 files Encrypted compressed archives containing backup of company's IT infrastructure and private GPG keys used to encrypt the compressed archives


3,065,805 Fans names, physical addresses, email addresses, earnings, ethnicity, childrens age ranges, birthdates and additional personally identifiable information

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Aws (11,144
Security (8,706
Documentation (4,490
S3 (1,698
Aws S3 (1,180
Document (776
S3 Bucket (361
Security Vulnerability (243
Information Security (232
Related Projects