Personal information for thousands of FedEx customers worldwide has been exposed after a legacy Amazon Web Services (AWS) cloud storage server was left open to public access without a password.
Kromtech Security Center researchers stumbled upon the AWS S3 bucket, finding that it contained more than 119,000 scanned documents, including passports, drivers’ licenses and Applications for Delivery of Mail Through Agent forms, which contain names, home addresses, phone numbers and ZIP codes.
The victims include citizens of countries around the globe, including Australia, Canada, China, EU countries, Japan, Kuwait, Malaysia, Mexico, Saudi Arabia and others.
The server turned out to be an inherited one, with information from Bongo International – a company that FedEx bought in 2014. Bob Diachenko, head of communications at Kromtech, noted that the shipping giant relaunched Bongo in 2016 as FedEx Cross Border International, to enable international shipping delivery and logistics. That service was closed down last April, but the bucket remained exposed.
“Technically, anybody who used Bongo International services back in 2009–2012 is at risk of having his/her documents scanned and available online for so many years,” Diachenko said. “Seems like [the] bucket has been available for public access for many years in a row. Applications are dated within [the] 2009–2012 range, and it is unknown whether FedEx was aware of that ‘heritage’ when it bought Bongo International back in 2014.”
FedEx has now removed the server from public access and issued a statement saying that there’s no evidence that the data fell into nefarious hands.
“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx told ZDnet. “The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”
Tim Prendergast, CEO of Evident.io, noted that nonetheless, it’s a fact that hackers are actively searching for these kinds of misconfigurations.
“Hackers are going after S3 buckets and other repositories because that’s where the data is but also because they’re easy to find,” he said via email. “There’s a whole hacker cottage industry around finding and exploiting S3 buckets, and it’s growing because as cloud environments grow, so do the number of unsecured assets that are discoverable.”
The incident shows once again that many companies aren’t following best practices when it comes to securing their cloud infrastructure, and many seem confused about whose responsibility it is to provide that security.
“The incident, echoing others we’ve seen time and time again…raises the larger issue that many organizations have not yet fully grasped the idea that most public cloud providers are not managing their data – but are just providing a platform or infrastructure, so the management protection of data is left up to the companies themselves,” Obsidian SecurityCTO Ben Johnson said via email. “It’s critical that enterprises understand the risks of the cloud – that availability and uptime also mean that their data can be easily accessed unless they have the right controls in place.”
Brian NeSmith, CEO and co-founder at Arctic Wolf Networks, added: “We need to get our heads out of the clouds, because cloud services are only as secure as you make them. Companies need to start applying the same rigor and discipline to their cloud infrastructure as they do to their on-premises network.”
The incident also showcases the need to implement good security practices after a merger or acquisition.
“During any M&A transaction it is important that the company who is selling their assets notify their customers that the business is going to be sold and their private data will be transferred to new ownership,” Kromtech’s Diachenko said. “The purchasing company should give customers the option to opt out of their data being transferred and provide a data protection notice. This case highlights just how important it is to audit the digital assets when a company acquires another and to ensure that customer data is secured and properly stored before, during and after the sale. During the integration or migration phase is usually the best time to identify any security and data privacy risks.”
——————————————————————-
From : INFOSECURITY / February 15, 2018
Link : https://www.infosecurity-magazine.com/news/fedex-s3-bucket-exposes-private/
This mode enables people with epilepsy to use the website safely by eliminating the risk of seizures that result from flashing or blinking animations and risky color combinations.
Visually Impaired Mode
Improves website's visuals
This mode adjusts the website for the convenience of users with visual impairments such as Degrading Eyesight, Tunnel Vision, Cataract, Glaucoma, and others.
Cognitive Disability Mode
Helps to focus on specific content
This mode provides different assistive options to help users with cognitive impairments such as Dyslexia, Autism, CVA, and others, to focus on the essential elements of the website more easily.
ADHD Friendly Mode
Reduces distractions and improve focus
This mode helps users with ADHD and Neurodevelopmental disorders to read, browse, and focus on the main website elements more easily while significantly reducing distractions.
Blindness Mode
Allows using the site with your screen-reader
This mode configures the website to be compatible with screen-readers such as JAWS, NVDA, VoiceOver, and TalkBack. A screen-reader is software for blind users that is installed on a computer and smartphone, and websites must be compatible with it.
Online Dictionary
Readable Experience
Content Scaling
Default
Text Magnifier
Readable Font
Dyslexia Friendly
Highlight Titles
Highlight Links
Font Sizing
Default
Line Height
Default
Letter Spacing
Default
Left Aligned
Center Aligned
Right Aligned
Visually Pleasing Experience
Dark Contrast
Light Contrast
Monochrome
High Contrast
High Saturation
Low Saturation
Adjust Text Colors
Adjust Title Colors
Adjust Background Colors
Easy Orientation
Mute Sounds
Hide Images
Virtual Keyboard
Reading Guide
Stop Animations
Reading Mask
Highlight Hover
Highlight Focus
Big Dark Cursor
Big Light Cursor
Cognitive Reading
Navigation Keys
Voice Navigation
Accessibility Statement
www.secnia.go.th
20 May 2025
Compliance status
We firmly believe that the internet should be available and accessible to anyone, and are committed to providing a website that is accessible to the widest possible audience,
regardless of circumstance and ability.
To fulfill this, we aim to adhere as strictly as possible to the World Wide Web Consortium’s (W3C) Web Content Accessibility Guidelines 2.1 (WCAG 2.1) at the AA level.
These guidelines explain how to make web content accessible to people with a wide array of disabilities. Complying with those guidelines helps us ensure that the website is accessible
to all people: blind people, people with motor impairments, visual impairment, cognitive disabilities, and more.
This website utilizes various technologies that are meant to make it as accessible as possible at all times. We utilize an accessibility interface that allows persons with specific
disabilities to adjust the website’s UI (user interface) and design it to their personal needs.
Additionally, the website utilizes an AI-based application that runs in the background and optimizes its accessibility level constantly. This application remediates the website’s HTML,
adapts Its functionality and behavior for screen-readers used by the blind users, and for keyboard functions used by individuals with motor impairments.
If you’ve found a malfunction or have ideas for improvement, we’ll be happy to hear from you. You can reach out to the website’s operators by using the following email
Screen-reader and keyboard navigation
Our website implements the ARIA attributes (Accessible Rich Internet Applications) technique, alongside various different behavioral changes, to ensure blind users visiting with
screen-readers are able to read, comprehend, and enjoy the website’s functions. As soon as a user with a screen-reader enters your site, they immediately receive
a prompt to enter the Screen-Reader Profile so they can browse and operate your site effectively. Here’s how our website covers some of the most important screen-reader requirements,
alongside console screenshots of code examples:
Screen-reader optimization: we run a background process that learns the website’s components from top to bottom, to ensure ongoing compliance even when updating the website.
In this process, we provide screen-readers with meaningful data using the ARIA set of attributes. For example, we provide accurate form labels;
descriptions for actionable icons (social media icons, search icons, cart icons, etc.); validation guidance for form inputs; element roles such as buttons, menus, modal dialogues (popups),
and others. Additionally, the background process scans all the website’s images and provides an accurate and meaningful image-object-recognition-based description as an ALT (alternate text) tag
for images that are not described. It will also extract texts that are embedded within the image, using an OCR (optical character recognition) technology.
To turn on screen-reader adjustments at any time, users need only to press the Alt+1 keyboard combination. Screen-reader users also get automatic announcements to turn the Screen-reader mode on
as soon as they enter the website.
These adjustments are compatible with all popular screen readers, including JAWS and NVDA.
Keyboard navigation optimization: The background process also adjusts the website’s HTML, and adds various behaviors using JavaScript code to make the website operable by the keyboard. This includes the ability to navigate the website using the Tab and Shift+Tab keys, operate dropdowns with the arrow keys, close them with Esc, trigger buttons and links using the Enter key, navigate between radio and checkbox elements using the arrow keys, and fill them in with the Spacebar or Enter key.Additionally, keyboard users will find quick-navigation and content-skip menus, available at any time by clicking Alt+1, or as the first elements of the site while navigating with the keyboard. The background process also handles triggered popups by moving the keyboard focus towards them as soon as they appear, and not allow the focus drift outside it.
Users can also use shortcuts such as “M” (menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics) to jump to specific elements.
Disability profiles supported in our website
Epilepsy Safe Mode: this profile enables people with epilepsy to use the website safely by eliminating the risk of seizures that result from flashing or blinking animations and risky color combinations.
Visually Impaired Mode: this mode adjusts the website for the convenience of users with visual impairments such as Degrading Eyesight, Tunnel Vision, Cataract, Glaucoma, and others.
Cognitive Disability Mode: this mode provides different assistive options to help users with cognitive impairments such as Dyslexia, Autism, CVA, and others, to focus on the essential elements of the website more easily.
ADHD Friendly Mode: this mode helps users with ADHD and Neurodevelopmental disorders to read, browse, and focus on the main website elements more easily while significantly reducing distractions.
Blindness Mode: this mode configures the website to be compatible with screen-readers such as JAWS, NVDA, VoiceOver, and TalkBack. A screen-reader is software for blind users that is installed on a computer and smartphone, and websites must be compatible with it.
Keyboard Navigation Profile (Motor-Impaired): this profile enables motor-impaired persons to operate the website using the keyboard Tab, Shift+Tab, and the Enter keys. Users can also use shortcuts such as “M” (menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics) to jump to specific elements.
Additional UI, design, and readability adjustments
Font adjustments – users, can increase and decrease its size, change its family (type), adjust the spacing, alignment, line height, and more.
Color adjustments – users can select various color contrast profiles such as light, dark, inverted, and monochrome. Additionally, users can swap color schemes of titles, texts, and backgrounds, with over seven different coloring options.
Animations – person with epilepsy can stop all running animations with the click of a button. Animations controlled by the interface include videos, GIFs, and CSS flashing transitions.
Content highlighting – users can choose to emphasize important elements such as links and titles. They can also choose to highlight focused or hovered elements only.
Audio muting – users with hearing devices may experience headaches or other issues due to automatic audio playing. This option lets users mute the entire website instantly.
Cognitive disorders – we utilize a search engine that is linked to Wikipedia and Wiktionary, allowing people with cognitive disorders to decipher meanings of phrases, initials, slang, and others.
Additional functions – we provide users the option to change cursor color and size, use a printing mode, enable a virtual keyboard, and many other functions.
Browser and assistive technology compatibility
We aim to support the widest array of browsers and assistive technologies as possible, so our users can choose the best fitting tools for them, with as few limitations as possible. Therefore, we have worked very hard to be able to support all major systems that comprise over 95% of the user market share including Google Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, JAWS and NVDA (screen readers).
Notes, comments, and feedback
Despite our very best efforts to allow anybody to adjust the website to their needs. There may still be pages or sections that are not fully accessible, are in the process of becoming accessible, or are lacking an adequate technological solution to make them accessible. Still, we are continually improving our accessibility, adding, updating and improving its options and features, and developing and adopting new technologies. All this is meant to reach the optimal level of accessibility, following technological advancements. For any assistance, please reach out to
