Filecatalyst+leak

| Monitoring Layer | Status Pre‑Incident | Gap |
|------------------|--------------------|-----|
| | No automated inventory of S3 bucket ACLs. | Missed public‑read flag. |
| Data‑loss‑prevention (DLP) | DLP policies applied only to on‑prem file shares. | No coverage for cloud staging. |
| FileCatalyst logs | Logs recorded transfer events, not bucket policies. | No alert for insecure configuration. |
| Third‑party security tools | No active Amazon Macie or AWS Config rules. | Missed classification of sensitive data in public bucket. |

A fast file-copying tool for Linux/Unix. When misconfigured with "read only = false" and no "auth users", anyone can list, download, upload, or delete files without a password.

| Date/Time (UTC) | Event |
|-----------------|-------|
| | Customer A (a media studio) initiates a 120 GB video transfer using FileCatalyst Enterprise. |
| 2024‑01‑06 08:14 | FileCatalyst server creates a temporary object in the S3 bucket fc‑staging‑prod-us-east-1. |
| 2024‑01‑06 08:16 | An AWS CloudFormation script executed by the IT team mistakenly sets the bucket’s ACL to public-read instead of the intended private. |
| 2024‑01‑06 08:20 – 2024‑01‑15 23:45 | Over 340 customers upload files ranging from 200 MB to 12 GB. All objects inherit the public‑read ACL. |
| 2024‑01‑15 23:45 | Security researcher “CypherShade” discovers the bucket via an S3 bucket enumeration tool and posts the find on HackerOne (public disclosure). |
| 2024‑01‑16 01:20 | FileCatalyst’s internal security team receives the HackerOne notification. |
| 2024‑01‑16 04:00 | FileCatalyst disables public access to the bucket, revokes all signed URLs, and initiates forensic collection. |
| 2024‑01‑16 12:00 | FileCatalyst notifies affected customers (first batch of 120). |
| 2024‑01‑16 18:30 | Full list of impacted customers (≈ 340) compiled; detailed data‑exposure matrix prepared. |
| 2024‑01‑17 08:00 | FileCatalyst releases Patch 1.6.3 fixing the default bucket‑policy handling in the management console. |
| 2024‑01‑18 10:00 | Public statement issued by Open Text, acknowledging the breach and outlining remediation steps. |
| 2024‑02‑02 | Independent third‑party audit (Mandiant) publishes a post‑incident report confirming root cause and recommending mitigations. |

The product is widely used in media & entertainment, aerospace, automotive, and life‑science sectors, where multi‑gigabyte files are transferred daily.