FulcrumSec published a 140GB breach report showing that CVE-2025-55182 (React2Shell) exploited on an unpatched internet-facing host allowed attackers to obtain ECS credentials and access 57 S3 buckets and AWS Secrets Manager across Unique Computing, ReFocus AI, and Gennet AI. The compromise exposed roughly 23,000 insurance policyholders and $796,847,366 in aggregate premiums—including driver license numbers, SSNs, and proprietary ML models and pipelines—alongside other sensitive company and education data. #CVE2025-55182 #UniqueComputing
Keypoints
- Attack exploited CVE-2025-55182 (React2Shell) on an unpatched internet-facing host, yielding ECS credentials and access to 57 S3 buckets and AWS Secrets Manager.
- A single AWS account was shared by Unique Computing, ReFocus AI, and Gennet AI with no separation or isolation, allowing one compromised key to expose all linked data.
- Leaked insurance records span 11+ agencies and roughly 23,000 named insureds with $796,847,366 (~$797M) in aggregate premiums, including driver license numbers and SSNs.
- ReFocus AI’s proprietary ML pipeline and artifacts were exposed, including 11 client churn models, production artifacts, feature engineering pipelines, and 713 data intake files.
- FulcrumSec accused Unique Computing of failing to patch the vulnerability and not cooperating after the breach, and offered compensation to affected Patriotic Insurance policyholders.
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!