These buckets are publicly listable.
[
{
"name": "company-prod-backups",
"created": "2023-01-15",
"public": true,
"files": [
"backup_2024_db.sql.gz",
"users_export.csv",
"financial_report_q4.xlsx"
]
},
{
"name": "company-dev-assets",
"created": "2023-03-22",
"public": true,
"files": [
"test_passwords.txt",
"dev_config.json",
"staging_keys.pem"
]
},
{
"name": "company-logs",
"created": "2023-06-10",
"public": false,
"files": [
"access_log_2024.tar.gz"
]
}
]
In a real attack: wget the CSV/SQL files to extract user data, credentials, and financial records.