Tom Forbes recently published an interesting article detailing how a strange pull request on his pypi-data project led him to discover a publicly available release file that contained a hard-coded AWS access key and AWS secret key. The key was still active and gave Tom access to an AWS bucket containing clinical data for Johns Hopkins Hospital. Interestingly, Tom tried to do the right thing and alert Infosys that this needed to be taken down, but he was unable to find a way to alert them. Not a great look for Infosys…
Full article here!