bucket Multi CDN S3 bucket leak - logs - Update: fixed

Kevin Beaumont · July 31, 2019

I've emailed Akamai, it appears to be some kind of managed multi CDN solution. Data contains IP address, request URL, browser agent, date and time.

Screenshot, not exhaustive obviously.

Kevin Beaumont · July 31, 2019

It also includes Edgecast data.

Through a bit of OSINT it looks like it may be Tealium, who do a multi-CDN solution. I'm trying to reach them.

Kevin Beaumont · July 31, 2019

Permissions fixed.

Here's the list of data which was exposed:

Bucket	Filename	Size
\| mcdn-logs.s3.amazonaws.com	Axel/adeslassegurcaixa.Akamai.log	14.95MB
\| mcdn-logs.s3.amazonaws.com	Axel/adeslassegurcaixa.EdgeCast.log.gz	24.72kB
\| mcdn-logs.s3.amazonaws.com	Axel/adidas.Akamai.log	24.62GB
\| mcdn-logs.s3.amazonaws.com	Axel/adidas.EdgeCast.log.gz	50.21MB
\| mcdn-logs.s3.amazonaws.com	Axel/aegon.Akamai.log	83.04MB
\| mcdn-logs.s3.amazonaws.com	Axel/aegon.EdgeCast.log.gz	67.09kB
\| mcdn-logs.s3.amazonaws.com	Axel/aktionmensch.Akamai.log	99.38MB
\| mcdn-logs.s3.amazonaws.com	Axel/aktionmensch.EdgeCast.log.gz	25.17kB
\| mcdn-logs.s3.amazonaws.com	Axel/alliander.Akamai.log	8.66MB
\| mcdn-logs.s3.amazonaws.com	Axel/alliander.EdgeCast.log.gz	8.71kB
\| mcdn-logs.s3.amazonaws.com	Axel/allianz-at.Akamai.log	46.29MB
\| mcdn-logs.s3.amazonaws.com	Axel/allianz-at.EdgeCast.log.gz	26.24kB
\| mcdn-logs.s3.amazonaws.com	Axel/allianz-deutschland.Akamai.log	98.76MB
\| mcdn-logs.s3.amazonaws.com	Axel/allianz-deutschland.EdgeCast.log.gz	89.62kB
\| mcdn-logs.s3.amazonaws.com	Axel/allianz-se.Akamai.log	28.13MB
\| mcdn-logs.s3.amazonaws.com	Axel/allianz-se.EdgeCast.log.gz	1.83kB
\| mcdn-logs.s3.amazonaws.com	Axel/amadeus.Akamai.log	132.65MB
\| mcdn-logs.s3.amazonaws.com	Axel/amadeus.EdgeCast.log.gz	69.54kB
\| mcdn-logs.s3.amazonaws.com	Axel/ao.Akamai.log	104.12GB
\| mcdn-logs.s3.amazonaws.com	Axel/ao.EdgeCast.log.gz	17.45MB
\| mcdn-logs.s3.amazonaws.com	Axel/arriva.Akamai.log	1.26GB
\| mcdn-logs.s3.amazonaws.com	Axel/arriva.EdgeCast.log.gz	955.33kB
\| mcdn-logs.s3.amazonaws.com	Axel/asr.Akamai.log	564.96MB
\| mcdn-logs.s3.amazonaws.com	Axel/asr.EdgeCast.log.gz	559.59kB
\| mcdn-logs.s3.amazonaws.com	Axel/astrazeneca.Akamai.log	167.23MB
\| mcdn-logs.s3.amazonaws.com	Axel/astrazeneca.EdgeCast.log.gz	1.59MB
\| mcdn-logs.s3.amazonaws.com	Axel/atg.Akamai.log	1.75GB
\| mcdn-logs.s3.amazonaws.com	Axel/atg.EdgeCast.log.gz	2.16MB
\| mcdn-logs.s3.amazonaws.com	Axel/autotrader.Akamai.log	1.63GB
\| mcdn-logs.s3.amazonaws.com	Axel/autotrader.EdgeCast.log.gz	9.31MB
\| mcdn-logs.s3.amazonaws.com	Axel/avisbudgetgroup.Akamai.log	2.34GB
\| mcdn-logs.s3.amazonaws.com	Axel/avisbudgetgroup.EdgeCast.log.gz	3.35MB
\| mcdn-logs.s3.amazonaws.com	Axel/axelspringer.Akamai.log	55.09GB
\| mcdn-logs.s3.amazonaws.com	Axel/axelspringer.EdgeCast.log.gz	38.06MB
\| mcdn-logs.s3.amazonaws.com	Axel/bahntms.Akamai.log	1.14GB
\| mcdn-logs.s3.amazonaws.com	Axel/bahntms.EdgeCast.log.gz	855.36kB
\| mcdn-logs.s3.amazonaws.com	Axel/bancopopular.Akamai.log	408.83MB
\| mcdn-logs.s3.amazonaws.com	Axel/bancopopular.EdgeCast.log.gz	282.25kB
\| mcdn-logs.s3.amazonaws.com	Axel/barcelohotels.Akamai.log	1.93MB
\| mcdn-logs.s3.amazonaws.com	Axel/barcelohotels.EdgeCast.log.gz	47.00B
\| mcdn-logs.s3.amazonaws.com	Axel/barmer.gek.Akamai.log	303.75MB
\| mcdn-logs.s3.amazonaws.com	Axel/barmer.gek.EdgeCast.log.gz	23.98kB
\| mcdn-logs.s3.amazonaws.com	Axel/basf.Akamai.log	166.05MB
\| mcdn-logs.s3.amazonaws.com	Axel/basf.EdgeCast.log.gz	194.81kB
\| mcdn-logs.s3.amazonaws.com	Axel/bbva.Akamai.log	4.89GB
\| mcdn-logs.s3.amazonaws.com	Axel/bbva.EdgeCast.log.gz	3.40MB
\| mcdn-logs.s3.amazonaws.com	Axel/belgacom.Akamai.log	734.51MB
\| mcdn-logs.s3.amazonaws.com	Axel/belgacom.EdgeCast.log.gz	7.29MB
\| mcdn-logs.s3.amazonaws.com	Axel/beslist.Akamai.log	571.59MB
\| mcdn-logs.s3.amazonaws.com	Axel/beslist.EdgeCast.log.gz	1.67MB
\| mcdn-logs.s3.amazonaws.com	Axel/betvictor.Akamai.log	33.47MB
\| mcdn-logs.s3.amazonaws.com	Axel/betvictor.EdgeCast.log.gz	549.01kB
\| mcdn-logs.s3.amazonaws.com	Axel/bg-thinktank.Akamai.log	0.00B
\| mcdn-logs.s3.amazonaws.com	Axel/bg-thinktank.EdgeCast.log.gz	256.00B
\| mcdn-logs.s3.amazonaws.com	Axel/blackrock.Akamai.log	565.81MB
\| mcdn-logs.s3.amazonaws.com	Axel/blackrock.EdgeCast.log.gz	1.60MB
\| mcdn-logs.s3.amazonaws.com	Axel/bmw.Akamai.log	1.01GB
\| mcdn-logs.s3.amazonaws.com	Axel/bmw.EdgeCast.log.gz	193.64kB
\| mcdn-logs.s3.amazonaws.com	Axel/bnd.Akamai.log	266.92MB
\| mcdn-logs.s3.amazonaws.com	Axel/bnd.EdgeCast.log.gz	212.36kB
\| mcdn-logs.s3.amazonaws.com	Axel/booking.com.Akamai.log	291.87GB
\| mcdn-logs.s3.amazonaws.com	Axel/booking.com.EdgeCast.log.gz	286.86MB
\| mcdn-logs.s3.amazonaws.com	Axel/bradycorp.Akamai.log	71.47MB
\| mcdn-logs.s3.amazonaws.com	Axel/bradycorp.EdgeCast.log.gz	290.99kB
\| mcdn-logs.s3.amazonaws.com	Axel/britax-emea.Akamai.log	8.59MB
\| mcdn-logs.s3.amazonaws.com	Axel/britax-emea.EdgeCast.log.gz	2.83kB
\| mcdn-logs.s3.amazonaws.com	Axel/brusselsairlines.Akamai.log	710.15MB
\| mcdn-logs.s3.amazonaws.com	Axel/brusselsairlines.EdgeCast.log.gz	776.79kB
\| mcdn-logs.s3.amazonaws.com	Axel/bupa.Akamai.log	262.47MB
\| mcdn-logs.s3.amazonaws.com	Axel/bupa.EdgeCast.log.gz	1.48MB
\| mcdn-logs.s3.amazonaws.com	Axel/camelot.Akamai.log	545.98MB
\| mcdn-logs.s3.amazonaws.com	Axel/camelot.EdgeCast.log.gz	7.69MB
\| mcdn-logs.s3.amazonaws.com	Axel/canoneurope.Akamai.log	2.05GB
\| mcdn-logs.s3.amazonaws.com	Axel/canoneurope.EdgeCast.log.gz	1.84MB
\| mcdn-logs.s3.amazonaws.com	Axel/carglass.Akamai.log	3.31MB
\| mcdn-logs.s3.amazonaws.com	Axel/carglass.EdgeCast.log.gz	6.65kB
\| mcdn-logs.s3.amazonaws.com	Axel/caser.Akamai.log	64.41MB
\| mcdn-logs.s3.amazonaws.com	Axel/caser.EdgeCast.log.gz	37.73kB
\| mcdn-logs.s3.amazonaws.com	Axel/cineworld.Akamai.log	236.58MB
\| mcdn-logs.s3.amazonaws.com	Axel/cineworld.EdgeCast.log.gz	1.09MB
\| mcdn-logs.s3.amazonaws.com	Axel/colruytgroup.Akamai.log	194.93MB
\| mcdn-logs.s3.amazonaws.com	Axel/colruytgroup.EdgeCast.log.gz	850.05kB
\| mcdn-logs.s3.amazonaws.com	Axel/condenast.Akamai.log	201.47kB
\| mcdn-logs.s3.amazonaws.com	Axel/condenast.EdgeCast.log.gz	557.00B
\| mcdn-logs.s3.amazonaws.com	Axel/consumentenbond.Akamai.log	151.69MB
\| mcdn-logs.s3.amazonaws.com	Axel/consumentenbond.EdgeCast.log.gz	168.78kB
\| mcdn-logs.s3.amazonaws.com	Axel/coop-ch.Akamai.log	682.40MB
\| mcdn-logs.s3.amazonaws.com	Axel/coop-ch.EdgeCast.log.gz	256.43kB
\| mcdn-logs.s3.amazonaws.com	Axel/coop-dk.Akamai.log	502.12MB
\| mcdn-logs.s3.amazonaws.com	Axel/coop-dk.EdgeCast.log.gz	192.43kB
\| mcdn-logs.s3.amazonaws.com	Axel/coopbank-uk.Akamai.log	132.36MB
\| mcdn-logs.s3.amazonaws.com	Axel/coopbank-uk.EdgeCast.log.gz	893.59kB
\| mcdn-logs.s3.amazonaws.com	Axel/corelio.Akamai.log	14.14GB
\| mcdn-logs.s3.amazonaws.com	Axel/corelio.EdgeCast.log.gz	8.40MB
\| mcdn-logs.s3.amazonaws.com	Axel/ctshirts.Akamai.log	267.79MB
\| mcdn-logs.s3.amazonaws.com	Axel/ctshirts.EdgeCast.log.gz	1.82MB
\| mcdn-logs.s3.amazonaws.com	Axel/debenhams.Akamai.log	1.58GB
\| mcdn-logs.s3.amazonaws.com	Axel/debenhams.EdgeCast.log.gz	8.06MB
\| mcdn-logs.s3.amazonaws.com	Axel/deltalloyd.Akamai.log	21.81MB
\| mcdn-logs.s3.amazonaws.com	Axel/deltalloyd.EdgeCast.log.gz	22.04kB
\| mcdn-logs.s3.amazonaws.com	Axel/depauli.Akamai.log	179.84MB
\| mcdn-logs.s3.amazonaws.com	Axel/depauli.EdgeCast.log.gz	101.09kB
\| mcdn-logs.s3.amazonaws.com	Axel/deutschawm.Akamai.log	0.00B
\| mcdn-logs.s3.amazonaws.com	Axel/deutschawm.EdgeCast.log.gz	44.00B
\| mcdn-logs.s3.amazonaws.com	Axel/diesel.Akamai.log	1.26GB
\| mcdn-logs.s3.amazonaws.com	Axel/diesel.EdgeCast.log.gz	1.54MB
\| mcdn-logs.s3.amazonaws.com	Axel/dnb.Akamai.log	870.94MB
\| mcdn-logs.s3.amazonaws.com	Axel/dnb.EdgeCast.log.gz	825.87kB
\| mcdn-logs.s3.amazonaws.com	Axel/dtcm.Akamai.log	1.33GB
\| mcdn-logs.s3.amazonaws.com	Axel/dtcm.EdgeCast.log.gz	646.65kB
\| mcdn-logs.s3.amazonaws.com	Axel/easyfundraising.Akamai.log	23.77MB
\| mcdn-logs.s3.amazonaws.com	Axel/easyfundraising.EdgeCast.log.gz	94.83kB
\| mcdn-logs.s3.amazonaws.com	Axel/edynamics.Akamai.log	490.48kB
\| mcdn-logs.s3.amazonaws.com	Axel/edynamics.EdgeCast.log.gz	43.00B
\| mcdn-logs.s3.amazonaws.com	Axel/ee.Akamai.log	245.06GB
\| mcdn-logs.s3.amazonaws.com	Axel/ee.EdgeCast.log.gz	211.55MB
\| mcdn-logs.s3.amazonaws.com	Axel/elililly.Akamai.log	4.18MB
\| mcdn-logs.s3.amazonaws.com	Axel/elililly.EdgeCast.log.gz	14.33kB
\| mcdn-logs.s3.amazonaws.com	Axel/emoov.Akamai.log	1.46MB
\| mcdn-logs.s3.amazonaws.com	Axel/emoov.EdgeCast.log.gz	10.27kB
\| mcdn-logs.s3.amazonaws.com	Axel/enbw.Akamai.log	5.22MB
\| mcdn-logs.s3.amazonaws.com	Axel/enbw.EdgeCast.log.gz	4.54kB
\| mcdn-logs.s3.amazonaws.com	Axel/eos.commerce.ag.Akamai.log	337.83MB
\| mcdn-logs.s3.amazonaws.com	Axel/eos.commerce.ag.EdgeCast.log.gz	111.89kB
\| mcdn-logs.s3.amazonaws.com	Axel/epi.Akamai.log	8.59GB
\| mcdn-logs.s3.amazonaws.com	Axel/epi.EdgeCast.log.gz	6.74MB
\| mcdn-logs.s3.amazonaws.com	Axel/fashionid.Akamai.log	745.15MB
\| mcdn-logs.s3.amazonaws.com	Axel/fashionid.EdgeCast.log.gz	508.65kB
\| mcdn-logs.s3.amazonaws.com	Axel/firstrate.Akamai.log	43.82MB
\| mcdn-logs.s3.amazonaws.com	Axel/firstrate.EdgeCast.log.gz	222.41kB
\| mcdn-logs.s3.amazonaws.com	Axel/francetv.Akamai.log	132.83MB
\| mcdn-logs.s3.amazonaws.com	Axel/francetv.EdgeCast.log.gz	161.54kB
\| mcdn-logs.s3.amazonaws.com	Axel/funda.Akamai.log	1.33GB
\| mcdn-logs.s3.amazonaws.com	Axel/funda.EdgeCast.log.gz	271.15kB
\| mcdn-logs.s3.amazonaws.com	Axel/fxclub.Akamai.log	2.44GB
\| mcdn-logs.s3.amazonaws.com	Axel/fxclub.EdgeCast.log.gz	1.95MB
\| mcdn-logs.s3.amazonaws.com	Axel/gadventures.Akamai.log	154.41MB
\| mcdn-logs.s3.amazonaws.com	Axel/gadventures.EdgeCast.log.gz	623.83kB
\| mcdn-logs.s3.amazonaws.com	Axel/gamesys.Akamai.log	170.70MB
\| mcdn-logs.s3.amazonaws.com	Axel/gamesys.EdgeCast.log.gz	4.78MB
\| mcdn-logs.s3.amazonaws.com	Axel/gjensidige.Akamai.log	53.10MB
\| mcdn-logs.s3.amazonaws.com	Axel/gjensidige.EdgeCast.log.gz	44.50kB
\| mcdn-logs.s3.amazonaws.com	Axel/gmg.Akamai.log	488.49MB
\| mcdn-logs.s3.amazonaws.com	Axel/gmg.EdgeCast.log.gz	1.22MB
\| mcdn-logs.s3.amazonaws.com	Axel/goertz.Akamai.log	423.36MB
\| mcdn-logs.s3.amazonaws.com	Axel/goertz.EdgeCast.log.gz	297.06kB
\| mcdn-logs.s3.amazonaws.com	Axel/golfbreaks.Akamai.log	7.59MB
\| mcdn-logs.s3.amazonaws.com	Axel/golfbreaks.EdgeCast.log.gz	55.51kB
\| mcdn-logs.s3.amazonaws.com	Axel/grain-data-consultants.Akamai.log	38.62kB
\| mcdn-logs.s3.amazonaws.com	Axel/grain-data-consultants.EdgeCast.log.gz	659.00B
\| mcdn-logs.s3.amazonaws.com	Axel/grupozeta.Akamai.log	11.50GB
\| mcdn-logs.s3.amazonaws.com	Axel/grupozeta.EdgeCast.log.gz	26.51MB
\| mcdn-logs.s3.amazonaws.com	Axel/gsmg.Akamai.log	3.10GB
\| mcdn-logs.s3.amazonaws.com	Axel/gsmg.EdgeCast.log.gz	2.34MB
\| mcdn-logs.s3.amazonaws.com	Axel/haymarket.Akamai.log	6.75GB
\| mcdn-logs.s3.amazonaws.com	Axel/haymarket.EdgeCast.log.gz	8.36MB
\| mcdn-logs.s3.amazonaws.com	Axel/hcauk-healthcare.Akamai.log	810.80kB
\| mcdn-logs.s3.amazonaws.com	Axel/hcauk-healthcare.EdgeCast.log.gz	50.00B
\| mcdn-logs.s3.amazonaws.com	Axel/heineken.Akamai.log	129.11MB
\| mcdn-logs.s3.amazonaws.com	Axel/heineken.EdgeCast.log.gz	24.14kB
\| mcdn-logs.s3.amazonaws.com	Axel/here.Akamai.log	5.86GB
\| mcdn-logs.s3.amazonaws.com	Axel/here.EdgeCast.log.gz	4.10MB
\| mcdn-logs.s3.amazonaws.com	Axel/hm.Akamai.log	38.83GB
\| mcdn-logs.s3.amazonaws.com	Axel/hm.EdgeCast.log.gz	43.84MB
\| mcdn-logs.s3.amazonaws.com	Axel/hotelopia.Akamai.log	103.11MB
\| mcdn-logs.s3.amazonaws.com	Axel/hotelopia.EdgeCast.log.gz	103.75kB
\| mcdn-logs.s3.amazonaws.com	Axel/hrs.Akamai.log	2.21GB
\| mcdn-logs.s3.amazonaws.com	Axel/hrs.EdgeCast.log.gz	1.85MB
\| mcdn-logs.s3.amazonaws.com	Axel/hsbc.Akamai.log	25.06GB
\| mcdn-logs.s3.amazonaws.com	Axel/hsbc.EdgeCast.log.gz	16.35MB
\| mcdn-logs.s3.amazonaws.com	Axel/hsx.Akamai.log	199.45MB
\| mcdn-logs.s3.amazonaws.com	Axel/hsx.EdgeCast.log.gz	594.30kB
\| mcdn-logs.s3.amazonaws.com	Axel/idealista.Akamai.log	1.88GB
\| mcdn-logs.s3.amazonaws.com	Axel/idealista.EdgeCast.log.gz	3.86MB
\| mcdn-logs.s3.amazonaws.com	Axel/ikea.Akamai.log	33.55GB
\| mcdn-logs.s3.amazonaws.com	Axel/ikea.EdgeCast.log.gz	97.48MB
\| mcdn-logs.s3.amazonaws.com	Axel/immobilienscout.Akamai.log	43.18GB
\| mcdn-logs.s3.amazonaws.com	Axel/immobilienscout.EdgeCast.log.gz	3.24MB
\| mcdn-logs.s3.amazonaws.com	Axel/kaplan.Akamai.log	340.79MB
\| mcdn-logs.s3.amazonaws.com	Axel/kaplan.EdgeCast.log.gz	183.55kB
\| mcdn-logs.s3.amazonaws.com	Axel/kaxmedia.Akamai.log	3.26MB
\| mcdn-logs.s3.amazonaws.com	Axel/kaxmedia.EdgeCast.log.gz	16.31kB
\| mcdn-logs.s3.amazonaws.com	Axel/kingfisher.Akamai.log	875.56MB
\| mcdn-logs.s3.amazonaws.com	Axel/kingfisher.EdgeCast.log.gz	5.84MB
\| mcdn-logs.s3.amazonaws.com	Axel/kwf-adversitement.Akamai.log	8.16MB
\| mcdn-logs.s3.amazonaws.com	Axel/kwf-adversitement.EdgeCast.log.gz	11.71kB
\| mcdn-logs.s3.amazonaws.com	Axel/leguide.Akamai.log	56.94MB
\| mcdn-logs.s3.amazonaws.com	Axel/leguide.EdgeCast.log.gz	52.46kB
\| mcdn-logs.s3.amazonaws.com	Axel/leroymerlinit.Akamai.log	198.97MB
\| mcdn-logs.s3.amazonaws.com	Axel/leroymerlinit.EdgeCast.log.gz	817.83kB
\| mcdn-logs.s3.amazonaws.com	Axel/lgi.Akamai.log	3.02GB
\| mcdn-logs.s3.amazonaws.com	Axel/lgi.EdgeCast.log.gz	5.96MB
\| mcdn-logs.s3.amazonaws.com	Axel/liberty-seguros.Akamai.log	11.98MB
\| mcdn-logs.s3.amazonaws.com	Axel/liberty-seguros.EdgeCast.log.gz	22.80kB
\| mcdn-logs.s3.amazonaws.com	Axel/lineadirecta.Akamai.log	124.67MB
\| mcdn-logs.s3.amazonaws.com	Axel/lineadirecta.EdgeCast.log.gz	266.59kB
\| mcdn-logs.s3.amazonaws.com	Axel/lloyds.Akamai.log	341.41MB
\| mcdn-logs.s3.amazonaws.com	Axel/lloyds.EdgeCast.log.gz	1.25MB
\| mcdn-logs.s3.amazonaws.com	Axel/lottery-ie.Akamai.log	288.09MB
\| mcdn-logs.s3.amazonaws.com	Axel/lottery-ie.EdgeCast.log.gz	563.37kB
\| mcdn-logs.s3.amazonaws.com	Axel/louisvuitton.Akamai.log	255.12MB
\| mcdn-logs.s3.amazonaws.com	Axel/louisvuitton.EdgeCast.log.gz	9.30kB
\| mcdn-logs.s3.amazonaws.com	Axel/lufthansa.Akamai.log	5.60GB
\| mcdn-logs.s3.amazonaws.com	Axel/lufthansa.EdgeCast.log.gz	5.62MB
\| mcdn-logs.s3.amazonaws.com	Axel/mainova.Akamai.log	8.08MB
\| mcdn-logs.s3.amazonaws.com	Axel/mainova.EdgeCast.log.gz	7.47kB
\| mcdn-logs.s3.amazonaws.com	Axel/marksandspencer.Akamai.log	1.30GB
\| mcdn-logs.s3.amazonaws.com	Axel/marksandspencer.EdgeCast.log.gz	5.38MB
\| mcdn-logs.s3.amazonaws.com	Axel/maxdome.Akamai.log	813.72MB
\| mcdn-logs.s3.amazonaws.com	Axel/maxdome.EdgeCast.log.gz	1.69MB
\| mcdn-logs.s3.amazonaws.com	Axel/maxmara.Akamai.log	517.49MB
\| mcdn-logs.s3.amazonaws.com	Axel/maxmara.EdgeCast.log.gz	1.07MB
\| mcdn-logs.s3.amazonaws.com	Axel/mbna.Akamai.log	225.92MB
\| mcdn-logs.s3.amazonaws.com	Axel/mbna.EdgeCast.log.gz	0.97MB
\| mcdn-logs.s3.amazonaws.com	Axel/mcdonalds.Akamai.log	752.19MB
\| mcdn-logs.s3.amazonaws.com	Axel/mcdonalds.EdgeCast.log.gz	106.91kB
\| mcdn-logs.s3.amazonaws.com	Axel/mediaset.Akamai.log	4.19GB
\| mcdn-logs.s3.amazonaws.com	Axel/mediaset.EdgeCast.log.gz	21.06MB
\| mcdn-logs.s3.amazonaws.com	Axel/melia.Akamai.log	5.42GB
\| mcdn-logs.s3.amazonaws.com	Axel/melia.EdgeCast.log.gz	7.25MB
\| mcdn-logs.s3.amazonaws.com	Axel/merck.Akamai.log	400.12MB
\| mcdn-logs.s3.amazonaws.com	Axel/merck.EdgeCast.log.gz	3.71MB
\| mcdn-logs.s3.amazonaws.com	Axel/milkround.Akamai.log	163.99kB
\| mcdn-logs.s3.amazonaws.com	Axel/milkround.EdgeCast.log.gz	670.00B
\| mcdn-logs.s3.amazonaws.com	Axel/missetam.Akamai.log	0.00B
\| mcdn-logs.s3.amazonaws.com	Axel/missetam.EdgeCast.log.gz	42.00B
\| mcdn-logs.s3.amazonaws.com	Axel/missguided.com.Akamai.log	275.99MB
\| mcdn-logs.s3.amazonaws.com	Axel/missguided.com.EdgeCast.log.gz	2.14MB
\| mcdn-logs.s3.amazonaws.com	Axel/mobistar.Akamai.log	103.91MB
\| mcdn-logs.s3.amazonaws.com	Axel/mobistar.EdgeCast.log.gz	666.60kB
\| mcdn-logs.s3.amazonaws.com	Axel/monclick.Akamai.log	69.91MB
\| mcdn-logs.s3.amazonaws.com	Axel/monclick.EdgeCast.log.gz	556.98kB
\| mcdn-logs.s3.amazonaws.com	Axel/mumsnet.Akamai.log	420.94kB
\| mcdn-logs.s3.amazonaws.com	Axel/mumsnet.EdgeCast.log.gz	41.00B
\| mcdn-logs.s3.amazonaws.com	Axel/mutuamadrilena.Akamai.log	103.04MB
\| mcdn-logs.s3.amazonaws.com	Axel/mutuamadrilena.EdgeCast.log.gz	198.12kB
\| mcdn-logs.s3.amazonaws.com	Axel/nbty.Akamai.log	311.73MB
\| mcdn-logs.s3.amazonaws.com	Axel/nbty.EdgeCast.log.gz	1.68MB
\| mcdn-logs.s3.amazonaws.com	Axel/newsinternational.Akamai.log	17.47GB
\| mcdn-logs.s3.amazonaws.com	Axel/newsinternational.EdgeCast.log.gz	51.94MB
\| mcdn-logs.s3.amazonaws.com	Axel/newsquestdm.Akamai.log	1.18GB
\| mcdn-logs.s3.amazonaws.com	Axel/newsquestdm.EdgeCast.log.gz	6.90MB
\| mcdn-logs.s3.amazonaws.com	Axel/nh-hoteles.Akamai.log	320.61MB
\| mcdn-logs.s3.amazonaws.com	Axel/nh-hoteles.EdgeCast.log.gz	509.14kB
\| mcdn-logs.s3.amazonaws.com	Axel/nisbets.Akamai.log	70.24MB
\| mcdn-logs.s3.amazonaws.com	Axel/nisbets.EdgeCast.log.gz	408.85kB
\| mcdn-logs.s3.amazonaws.com	Axel/nordea.Akamai.log	3.03MB
\| mcdn-logs.s3.amazonaws.com	Axel/nordea.EdgeCast.log.gz	3.35kB
\| mcdn-logs.s3.amazonaws.com	Axel/norsktipping.Akamai.log	599.73MB
\| mcdn-logs.s3.amazonaws.com	Axel/norsktipping.EdgeCast.log.gz	668.45kB
\| mcdn-logs.s3.amazonaws.com	Axel/northern-and-shell.Akamai.log	19.48GB
\| mcdn-logs.s3.amazonaws.com	Axel/northern-and-shell.EdgeCast.log.gz	43.69MB
\| mcdn-logs.s3.amazonaws.com	Axel/npower.Akamai.log	18.06MB
\| mcdn-logs.s3.amazonaws.com	Axel/npower.EdgeCast.log.gz	1.70kB
\| mcdn-logs.s3.amazonaws.com	Axel/obos.Akamai.log	24.96GB
\| mcdn-logs.s3.amazonaws.com	Axel/obos.EdgeCast.log.gz	2.79MB
\| mcdn-logs.s3.amazonaws.com	Axel/oev.Akamai.log	760.52MB
\| mcdn-logs.s3.amazonaws.com	Axel/oev.EdgeCast.log.gz	316.64kB
\| mcdn-logs.s3.amazonaws.com	Axel/option24.Akamai.log	416.19MB
\| mcdn-logs.s3.amazonaws.com	Axel/option24.EdgeCast.log.gz	468.42kB
\| mcdn-logs.s3.amazonaws.com	Axel/orange-es.Akamai.log	710.79MB
\| mcdn-logs.s3.amazonaws.com	Axel/orange-es.EdgeCast.log.gz	5.44MB
\| mcdn-logs.s3.amazonaws.com	Axel/orange.Akamai.log	6.68GB
\| mcdn-logs.s3.amazonaws.com	Axel/orange.EdgeCast.log.gz	43.56MB
\| mcdn-logs.s3.amazonaws.com	Axel/orangech.Akamai.log	560.28kB
\| mcdn-logs.s3.amazonaws.com	Axel/orangech.EdgeCast.log.gz	619.00B
\| mcdn-logs.s3.amazonaws.com	Axel/pandora.Akamai.log	3.85GB
\| mcdn-logs.s3.amazonaws.com	Axel/pandora.EdgeCast.log.gz	15.44MB
\| mcdn-logs.s3.amazonaws.com	Axel/partenamut.Akamai.log	30.06MB
\| mcdn-logs.s3.amazonaws.com	Axel/partenamut.EdgeCast.log.gz	98.30kB
\| mcdn-logs.s3.amazonaws.com	Axel/pictet.Akamai.log	0.96MB
\| mcdn-logs.s3.amazonaws.com	Axel/pictet.EdgeCast.log.gz	684.00B
\| mcdn-logs.s3.amazonaws.com	Axel/pon.Akamai.log	74.66GB
\| mcdn-logs.s3.amazonaws.com	Axel/pon.EdgeCast.log.gz	32.96MB
\| mcdn-logs.s3.amazonaws.com	Axel/porsche-at.Akamai.log	621.86MB
\| mcdn-logs.s3.amazonaws.com	Axel/porsche-at.EdgeCast.log.gz	330.58kB
\| mcdn-logs.s3.amazonaws.com	Axel/postbank.Akamai.log	10.32MB
\| mcdn-logs.s3.amazonaws.com	Axel/postbank.EdgeCast.log.gz	42.00B
\| mcdn-logs.s3.amazonaws.com	Axel/pro7.Akamai.log	7.65GB
\| mcdn-logs.s3.amazonaws.com	Axel/pro7.EdgeCast.log.gz	5.38MB
\| mcdn-logs.s3.amazonaws.com	Axel/pulsecomms.Akamai.log	5.62MB
\| mcdn-logs.s3.amazonaws.com	Axel/pulsecomms.EdgeCast.log.gz	5.60kB
\| mcdn-logs.s3.amazonaws.com	Axel/qvc.Akamai.log	3.68GB
\| mcdn-logs.s3.amazonaws.com	Axel/qvc.EdgeCast.log.gz	44.79MB
\| mcdn-logs.s3.amazonaws.com	Axel/rakuten.Akamai.log	10.08GB
\| mcdn-logs.s3.amazonaws.com	Axel/rakuten.EdgeCast.log.gz	617.34kB
\| mcdn-logs.s3.amazonaws.com	Axel/rankgaming.Akamai.log	49.55MB
\| mcdn-logs.s3.amazonaws.com	Axel/rankgaming.EdgeCast.log.gz	1.08MB
\| mcdn-logs.s3.amazonaws.com	Axel/raumfeld.Akamai.log	408.89MB
\| mcdn-logs.s3.amazonaws.com	Axel/raumfeld.EdgeCast.log.gz	239.09kB
\| mcdn-logs.s3.amazonaws.com	Axel/robeco.Akamai.log	4.60MB
\| mcdn-logs.s3.amazonaws.com	Axel/robeco.EdgeCast.log.gz	7.48kB
\| mcdn-logs.s3.amazonaws.com	Axel/robert-bosch.Akamai.log	1.75MB
\| mcdn-logs.s3.amazonaws.com	Axel/robert-bosch.EdgeCast.log.gz	1.99kB
\| mcdn-logs.s3.amazonaws.com	Axel/royalmail.Akamai.log	517.24MB
\| mcdn-logs.s3.amazonaws.com	Axel/royalmail.EdgeCast.log.gz	1.65MB
\| mcdn-logs.s3.amazonaws.com	Axel/sabadell.Akamai.log	1.43GB
\| mcdn-logs.s3.amazonaws.com	Axel/sabadell.EdgeCast.log.gz	2.25MB
\| mcdn-logs.s3.amazonaws.com	Axel/sage.Akamai.log	42.78GB
\| mcdn-logs.s3.amazonaws.com	Axel/sage.EdgeCast.log.gz	1.45MB
\| mcdn-logs.s3.amazonaws.com	Axel/sanitas.Akamai.log	12.51MB
\| mcdn-logs.s3.amazonaws.com	Axel/sanitas.EdgeCast.log.gz	13.59kB
\| mcdn-logs.s3.amazonaws.com	Axel/sanoma.Akamai.log	4.63GB
\| mcdn-logs.s3.amazonaws.com	Axel/sanoma.EdgeCast.log.gz	9.10MB
\| mcdn-logs.s3.amazonaws.com	Axel/santander.Akamai.log	174.30GB
\| mcdn-logs.s3.amazonaws.com	Axel/santander.EdgeCast.log.gz	23.33MB
\| mcdn-logs.s3.amazonaws.com	Axel/schibsted.Akamai.log	82.38GB
\| mcdn-logs.s3.amazonaws.com	Axel/schibsted.EdgeCast.log.gz	94.97MB
\| mcdn-logs.s3.amazonaws.com	Axel/schweizerischepost.Akamai.log	0.99GB
\| mcdn-logs.s3.amazonaws.com	Axel/schweizerischepost.EdgeCast.log.gz	200.00kB
\| mcdn-logs.s3.amazonaws.com	Axel/sdv-it.Akamai.log	21.75kB
\| mcdn-logs.s3.amazonaws.com	Axel/sdv-it.EdgeCast.log.gz	40.00B
\| mcdn-logs.s3.amazonaws.com	Axel/selfridges.Akamai.log	509.35MB
\| mcdn-logs.s3.amazonaws.com	Axel/selfridges.EdgeCast.log.gz	1.13MB
\| mcdn-logs.s3.amazonaws.com	Axel/sick.Akamai.log	464.56MB
\| mcdn-logs.s3.amazonaws.com	Axel/sick.EdgeCast.log.gz	100.98kB
\| mcdn-logs.s3.amazonaws.com	Axel/sisal.Akamai.log	561.39MB
\| mcdn-logs.s3.amazonaws.com	Axel/sisal.EdgeCast.log.gz	2.01MB
\| mcdn-logs.s3.amazonaws.com	Axel/snowandrock.Akamai.log	4.51kB
\| mcdn-logs.s3.amazonaws.com	Axel/snowandrock.EdgeCast.log.gz	45.00B
\| mcdn-logs.s3.amazonaws.com	Axel/stenalinetealium.Akamai.log	472.33MB
\| mcdn-logs.s3.amazonaws.com	Axel/stenalinetealium.EdgeCast.log.gz	614.82kB
\| mcdn-logs.s3.amazonaws.com	Axel/swisscom.Akamai.log	6.90GB
\| mcdn-logs.s3.amazonaws.com	Axel/swisscom.EdgeCast.log.gz	1.08MB
\| mcdn-logs.s3.amazonaws.com	Axel/t-systems.Akamai.log	59.31MB
\| mcdn-logs.s3.amazonaws.com	Axel/t-systems.EdgeCast.log.gz	2.41kB
\| mcdn-logs.s3.amazonaws.com	Axel/takeaway.Akamai.log	145.92MB
\| mcdn-logs.s3.amazonaws.com	Axel/takeaway.EdgeCast.log.gz	7.73kB
\| mcdn-logs.s3.amazonaws.com	Axel/tdc-group.Akamai.log	754.62MB
\| mcdn-logs.s3.amazonaws.com	Axel/tdc-group.EdgeCast.log.gz	545.77kB
\| mcdn-logs.s3.amazonaws.com	Axel/tedbaker.Akamai.log	721.05MB
\| mcdn-logs.s3.amazonaws.com	Axel/tedbaker.EdgeCast.log.gz	2.89MB
\| mcdn-logs.s3.amazonaws.com	Axel/telefonica.Akamai.log	1.08GB
\| mcdn-logs.s3.amazonaws.com	Axel/telefonica.EdgeCast.log.gz	1.78MB
\| mcdn-logs.s3.amazonaws.com	Axel/telekom.Akamai.log	108.22GB
\| mcdn-logs.s3.amazonaws.com	Axel/telekom.EdgeCast.log.gz	11.13MB
\| mcdn-logs.s3.amazonaws.com	Axel/telenor-global.Akamai.log	70.51MB
\| mcdn-logs.s3.amazonaws.com	Axel/telenor-global.EdgeCast.log.gz	48.29kB
\| mcdn-logs.s3.amazonaws.com	Axel/telenor.Akamai.log	570.52MB
\| mcdn-logs.s3.amazonaws.com	Axel/telenor.EdgeCast.log.gz	840.51kB
\| mcdn-logs.s3.amazonaws.com	Axel/tfl.Akamai.log	1.78GB
\| mcdn-logs.s3.amazonaws.com	Axel/tfl.EdgeCast.log.gz	3.09MB
\| mcdn-logs.s3.amazonaws.com	Axel/theaa.Akamai.log	119.61MB
\| mcdn-logs.s3.amazonaws.com	Axel/theaa.EdgeCast.log.gz	1.05MB
\| mcdn-logs.s3.amazonaws.com	Axel/thesedays.Akamai.log	0.00B
\| mcdn-logs.s3.amazonaws.com	Axel/thesedays.EdgeCast.log.gz	43.00B
\| mcdn-logs.s3.amazonaws.com	Axel/tmggroup.Akamai.log	3.69GB
\| mcdn-logs.s3.amazonaws.com	Axel/tmggroup.EdgeCast.log.gz	5.49MB
\| mcdn-logs.s3.amazonaws.com	Axel/tomtom.Akamai.log	1.59GB
\| mcdn-logs.s3.amazonaws.com	Axel/tomtom.EdgeCast.log.gz	2.43MB
\| mcdn-logs.s3.amazonaws.com	Axel/totalms.Akamai.log	185.47MB
\| mcdn-logs.s3.amazonaws.com	Axel/totalms.EdgeCast.log.gz	234.77kB
\| mcdn-logs.s3.amazonaws.com	Axel/trendmicro.Akamai.log	1.61GB
\| mcdn-logs.s3.amazonaws.com	Axel/trendmicro.EdgeCast.log.gz	1.70MB
\| mcdn-logs.s3.amazonaws.com	Axel/tripsta.Akamai.log	3.87GB
\| mcdn-logs.s3.amazonaws.com	Axel/tripsta.EdgeCast.log.gz	814.53kB
\| mcdn-logs.s3.amazonaws.com	Axel/tryba.Akamai.log	4.25MB
\| mcdn-logs.s3.amazonaws.com	Axel/tryba.EdgeCast.log.gz	12.99kB
\| mcdn-logs.s3.amazonaws.com	Axel/tryg.Akamai.log	93.76MB
\| mcdn-logs.s3.amazonaws.com	Axel/tryg.EdgeCast.log.gz	48.77kB
\| mcdn-logs.s3.amazonaws.com	Axel/tsb.Akamai.log	2.24GB
\| mcdn-logs.s3.amazonaws.com	Axel/tsb.EdgeCast.log.gz	12.97MB
\| mcdn-logs.s3.amazonaws.com	Axel/tui.Akamai.log	4.66GB
\| mcdn-logs.s3.amazonaws.com	Axel/tui.EdgeCast.log.gz	2.17MB
\| mcdn-logs.s3.amazonaws.com	Axel/turkcell.Akamai.log	6.00GB
\| mcdn-logs.s3.amazonaws.com	Axel/turkcell.EdgeCast.log.gz	538.18kB
\| mcdn-logs.s3.amazonaws.com	Axel/tv5monde.Akamai.log	207.28kB
\| mcdn-logs.s3.amazonaws.com	Axel/tv5monde.EdgeCast.log.gz	42.00B
\| mcdn-logs.s3.amazonaws.com	Axel/twinings.Akamai.log	7.62MB
\| mcdn-logs.s3.amazonaws.com	Axel/twinings.EdgeCast.log.gz	19.18kB
\| mcdn-logs.s3.amazonaws.com	Axel/uefa.Akamai.log	1.83GB
\| mcdn-logs.s3.amazonaws.com	Axel/uefa.EdgeCast.log.gz	1.51MB
\| mcdn-logs.s3.amazonaws.com	Axel/unicredit.Akamai.log	525.75MB
\| mcdn-logs.s3.amazonaws.com	Axel/unicredit.EdgeCast.log.gz	800.31kB
\| mcdn-logs.s3.amazonaws.com	Axel/unive.Akamai.log	6.50GB
\| mcdn-logs.s3.amazonaws.com	Axel/unive.EdgeCast.log.gz	1.70MB
\| mcdn-logs.s3.amazonaws.com	Axel/urbanoutfitters.Akamai.log	5.84GB
\| mcdn-logs.s3.amazonaws.com	Axel/urbanoutfitters.EdgeCast.log.gz	40.96MB
\| mcdn-logs.s3.amazonaws.com	Axel/utopiatv.Akamai.log	156.22MB
\| mcdn-logs.s3.amazonaws.com	Axel/utopiatv.EdgeCast.log.gz	304.82kB
\| mcdn-logs.s3.amazonaws.com	Axel/vacansoleil.Akamai.log	300.04MB
\| mcdn-logs.s3.amazonaws.com	Axel/vacansoleil.EdgeCast.log.gz	364.41kB
\| mcdn-logs.s3.amazonaws.com	Axel/vente-privee.Akamai.log	1.65GB
\| mcdn-logs.s3.amazonaws.com	Axel/vente-privee.EdgeCast.log.gz	3.26MB
\| mcdn-logs.s3.amazonaws.com	Axel/vgz.Akamai.log	206.77MB
\| mcdn-logs.s3.amazonaws.com	Axel/vgz.EdgeCast.log.gz	178.44kB
\| mcdn-logs.s3.amazonaws.com	Axel/vodafone.Akamai.log	227.82GB
\| mcdn-logs.s3.amazonaws.com	Axel/vodafone.EdgeCast.log.gz	236.56MB
\| mcdn-logs.s3.amazonaws.com	Axel/volvo.Akamai.log	2.86GB
\| mcdn-logs.s3.amazonaws.com	Axel/volvo.EdgeCast.log.gz	7.21MB
\| mcdn-logs.s3.amazonaws.com	Axel/yara.Akamai.log	1.84GB
\| mcdn-logs.s3.amazonaws.com	Axel/yara.EdgeCast.log.gz	296.00kB
\| mcdn-logs.s3.amazonaws.com	Axel/yemeksepeti.Akamai.log	3.09GB
\| mcdn-logs.s3.amazonaws.com	Axel/yemeksepeti.EdgeCast.log.gz	269.70kB
\| mcdn-logs.s3.amazonaws.com	Axel/zegna.Akamai.log	54.22MB
\| mcdn-logs.s3.amazonaws.com	Axel/zegna.EdgeCast.log.gz	210.37kB
\| mcdn-logs.s3.amazonaws.com	Axel/zoover.Akamai.log	356.48MB
\| mcdn-logs.s3.amazonaws.com	Axel/zoover.EdgeCast.log.gz	377.01kB
\| mcdn-logs.s3.amazonaws.com	Axel/zurich.Akamai.log	717.94MB
\| mcdn-logs.s3.amazonaws.com	Axel/zurich.EdgeCast.log.gz	299.14kB
\| mcdn-logs.s3.amazonaws.com	autonation/may_akamai.log	710.91MB
\| mcdn-logs.s3.amazonaws.com	autonation/may_edgecast.log	3.33GB
\| mcdn-logs.s3.amazonaws.com	dominos-pe_may_akamai.log	282.88MB

John Kelly · July 31, 2019

You get a response from anyone at Tealium yet?

Kevin Beaumont · July 31, 2019

10 minutes ago, John Kelly said:

You get a response from anyone at Tealium yet?

Yep, got a thanks. Don’t want to post the guy’s full response as I went to somebody directly, and I suspect their message may evolve.

Mike James · August 1, 2019

Damn, that is full on crazy! 😱

But, at least it's fixed. Excellent work!

Kevin Beaumont · August 1, 2019

6 hours ago, Mike James said:

Damn, that is full on crazy! 😱

But, at least it's fixed. Excellent work!

Yep it got fixed pretty quick when I tracked down the owner, the bucket had an employee name on it thankfully which let me track down the company. It’s been open for years so I hope no businesses put tokens and such in GET requests 😅

I found it by accident when looking for our business data being exposed.

Kevin Beaumont · August 1, 2019

A quick update, they also had some tag logs in the MultiCDN bucket for some reason.

Contents was URL referrer (ie customer URL of page with tag), date, time, browser user agent and IP address.

Klaus-E. Klingner · August 2, 2019

I just saw this on the Tealium status page. Thanks again, Kevin for the notification!

Rg

Klaus

Kevin Beaumont · August 2, 2019

No problem.

Regarding Tealium notification, the logs included:

IP address
URL (get request including query strings)
URL referrer
date
time
browser user agent

It also included some Tag customers, the Tag logs included referrers, rather than just Multi-CDN.

Kevin Beaumont · August 2, 2019

I should also clarify, Akamai and AWS were really quick to respond on this, both jumped on it. The way we found out it was Tealium was because an employee's name was on the bucket.

Mohammed Fadzil Haron · August 9, 2019

Good work, Kevin. Too many scary leaks involving S3 already

Recently Browsing 0 members

bucket Multi CDN S3 bucket leak - logs - Update: fixed

Recommended Posts

Kevin Beaumont 110

Share this post

Link to post

Kevin Beaumont 110

Share this post

Link to post

Kevin Beaumont 110

Share this post

Link to post

John Kelly 10

Share this post

Link to post

Kevin Beaumont 110

Share this post

Link to post

Mike James 2

Share this post

Link to post

Kevin Beaumont 110

Share this post

Link to post

Kevin Beaumont 110

Share this post

Link to post

Klaus-E. Klingner 0

Share this post

Link to post

Kevin Beaumont 110

Share this post

Link to post

Kevin Beaumont 110

Share this post

Link to post

Mohammed Fadzil Haron 0

Share this post

Link to post

Create an account or sign in to comment

Create an account

Sign in

Members online now

Similar Content

OpenSecurity.global

Help

Important Information