databreach infosec misconfigurations Rwanda World

Rwanda Rural Rehabilitation Initiative (RWARRI): 14,000 files exposed in Bucket (S3)

noviembre 29, 2025 0

Rwanda Rural Rehabilitation Initiative (RWARRI): 14,000 files exposed in Bucket (S3)

Reviewing my old notes and checking if the issue was still present, I sent a responsible disclosure last year to:

The Rwanda Rural Rehabilitation Initiative (RWARRI) is a Rwandan non-governmental organization (NGO) dedicated to improving the social and economic well-being of rural communities.

At that time, an S3 bucket containing at least 14,000 files was exposed. Therefore, I sent an email to the organization explaining the situation: ID cards, vouchers, letters, invoices, etc.

You can see in the sample a file of an attendance sheet for a meeting of an agricultural project in Rwanda, that sheet contained personal data such as names and surnames, Rwandan national identity card number, Sex, Telephone, Organization, signature.

an example of the files exposed by this entity

You can see in the sample a file of an attendance sheet for a meeting of an agricultural project in Rwanda, that sheet contained personal data such as names and surnames, Rwandan national identity card number, Sex, Telephone, Organization, signature.

According to my records, this was sent on November 25, 2024. I also attached the email to the National Cyber Security Authority of Rwanda (ncsa.gov.rw).

*Today, access to the bucket is denied, this was closed in April of this year, according to my notes., I received no response from either entity.

<script src='https://www.blogger.com/static/v1/jsbin/1345082660-comment_from_post_iframe.js' type='text/javascript'></script>

  
    <script>
const cookieContainer = document.querySelector(".cookie-container");
const cookieButton = document.querySelector(".buttons .item");
cookieButton.addEventListener("click", () => {
cookieContainer.classList.remove("active");
localStorage.setItem("cookieBannerDisplayed", "true");
});
setTimeout(() => {
if (!localStorage.getItem("cookieBannerDisplayed")) {
cookieContainer.classList.add("active");
}
}, 2000);
</script>

<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/1166699449-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY5yV8TGs0cs69GocJ2qk_GSK2-YOA:1764794335788';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d9218358485248989521','//www.security-chu.com/2025/11/Rwanda-Rural-Rehabilitation-Initiative-14000-files-exposed-in-Bucket.html','9218358485248989521');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '9218358485248989521', 'title': 'Blog de Ciberseguridad en Latinoam\xe9rica: ', 'url': 'https://www.security-chu.com/2025/11/Rwanda-Rural-Rehabilitation-Initiative-14000-files-exposed-in-Bucket.html', 'canonicalUrl': 'https://www.security-chu.com/2025/11/Rwanda-Rural-Rehabilitation-Initiative-14000-files-exposed-in-Bucket.html', 'homepageUrl': 'https://www.security-chu.com/', 'searchUrl': 'https://www.security-chu.com/search', 'canonicalHomepageUrl': 'https://www.security-chu.com/', 'blogspotFaviconUrl': 'https://www.security-chu.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'G-QLVYKK7S0N', 'analytics4': true, 'encoding': 'UTF-8', 'locale': 'es', 'localeUnderscoreDelimited': 'es', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Blog de Ciberseguridad en Latinoam\xe9rica:  - Atom\x22 href\x3d\x22https://www.security-chu.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Blog de Ciberseguridad en Latinoam\xe9rica:  - RSS\x22 href\x3d\x22https://www.security-chu.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Blog de Ciberseguridad en Latinoam\xe9rica:  - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/9218358485248989521/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Blog de Ciberseguridad en Latinoam\xe9rica:  - Atom\x22 href\x3d\x22https://www.security-chu.com/feeds/5971215949862310762/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-7633352484134729', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/5acc114539cf2ce6', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Obtener enlace', 'key': 'link', 'shareMessage': 'Obtener enlace', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Compartir en Facebook', 'target': 'facebook'}, {'name': 'Escribe un blog', 'key': 'blogThis', 'shareMessage': 'Escribe un blog', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Compartir en X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Compartir en Pinterest', 'target': 'pinterest'}, {'name': 'Correo electr\xf3nico', 'key': 'email', 'shareMessage': 'Correo electr\xf3nico', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27es\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Read more \xbb', 'pageType': 'item', 'postId': '5971215949862310762', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3qklOEG_FXm8-LM56Ca-gWhcSDjzOa9k2STtZGPXK7zw6-01u_DO6neN4n1DExRe6EVknNtNUVILqXb_9PNDT7H4xsqZ3nsspuddukvmesoTpxa_1Pc0zX9e95ylB-iRDtBir2xNOgiwbW4lqn7oaN-MRKKXDHOMhO9c4IhtFVXku6ehlVD-ScX32i0M/s72-w320-c-h320/l2zl7nkt_400x400.jpg', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3qklOEG_FXm8-LM56Ca-gWhcSDjzOa9k2STtZGPXK7zw6-01u_DO6neN4n1DExRe6EVknNtNUVILqXb_9PNDT7H4xsqZ3nsspuddukvmesoTpxa_1Pc0zX9e95ylB-iRDtBir2xNOgiwbW4lqn7oaN-MRKKXDHOMhO9c4IhtFVXku6ehlVD-ScX32i0M/w320-h320/l2zl7nkt_400x400.jpg', 'pageName': 'Rwanda Rural Rehabilitation Initiative (RWARRI): 14,000 files exposed in Bucket (S3)', 'pageTitle': 'Blog de Ciberseguridad en Latinoam\xe9rica: : Rwanda Rural Rehabilitation Initiative (RWARRI): 14,000 files exposed in Bucket (S3)', 'metaDescription': 'This entity Rwanda Rural Rehabilitation Initiative exposed data in a Bucket (S3): 14,000 unprotected files.'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Editar', 'linkCopiedToClipboard': 'El enlace se ha copiado en el Portapapeles.', 'ok': 'Aceptar', 'postLink': 'Enlace de la entrada'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Personalizado', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Rwanda Rural Rehabilitation Initiative (RWARRI): 14,000 files exposed in Bucket (S3)', 'description': 'This entity Rwanda Rural Rehabilitation Initiative exposed data in a Bucket (S3): 14,000 unprotected files.', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3qklOEG_FXm8-LM56Ca-gWhcSDjzOa9k2STtZGPXK7zw6-01u_DO6neN4n1DExRe6EVknNtNUVILqXb_9PNDT7H4xsqZ3nsspuddukvmesoTpxa_1Pc0zX9e95ylB-iRDtBir2xNOgiwbW4lqn7oaN-MRKKXDHOMhO9c4IhtFVXku6ehlVD-ScX32i0M/w320-h320/l2zl7nkt_400x400.jpg', 'url': 'https://www.security-chu.com/2025/11/Rwanda-Rural-Rehabilitation-Initiative-14000-files-exposed-in-Bucket.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 5971215949862310762}}, {'name': 'widgets', 'data': [{'title': 'Blog de Ciberseguridad en Latinoam\xe9rica:  (cabecera)', 'type': 'Header', 'sectionId': 'header', 'id': 'Header51'}, {'title': 'Menu', 'type': 'PageList', 'sectionId': 'header', 'id': 'PageList51'}, {'title': 'Entradas del blog', 'type': 'Blog', 'sectionId': 'Hero', 'id': 'Blog99', 'posts': [{'id': '5971215949862310762', 'title': 'Rwanda Rural Rehabilitation Initiative (RWARRI): 14,000 files exposed in Bucket (S3)', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3qklOEG_FXm8-LM56Ca-gWhcSDjzOa9k2STtZGPXK7zw6-01u_DO6neN4n1DExRe6EVknNtNUVILqXb_9PNDT7H4xsqZ3nsspuddukvmesoTpxa_1Pc0zX9e95ylB-iRDtBir2xNOgiwbW4lqn7oaN-MRKKXDHOMhO9c4IhtFVXku6ehlVD-ScX32i0M/w320-h320/l2zl7nkt_400x400.jpg', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'Publicado por'}, {'name': 'timestamp', 'label': 'en'}, {'name': 'comments', 'label': 'comentarios'}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Etiquetas:'}]}, {'regionName': 'footer3', 'items': [{'name': 'location', 'label': 'Ubicaci\xf3n:'}]}], 'allBylineItems': [{'name': 'author', 'label': 'Publicado por'}, {'name': 'timestamp', 'label': 'en'}, {'name': 'comments', 'label': 'comentarios'}, {'name': 'labels', 'label': 'Etiquetas:'}, {'name': 'location', 'label': 'Ubicaci\xf3n:'}]}, {'title': '{ content: \x22carousel\x22, top: 2 }', 'type': 'PopularPosts', 'sectionId': 'upper', 'id': 'PopularPosts52', 'posts': [{'title': 'Negociaciones con el grupo de ransomware Akira: un enfoque desaconsejado', 'id': 9124550943780027656}, {'title': '-Update-Ciberataque:La Universidad Mayor atacada por el grupo Dire Wolf ransomware - Chile', 'id': 2146765111535097903}, {'title': 'Hack: Exclusivo The Crimson Collective afirma haber hackeado a Claro Colombia', 'id': 3615796226669920942}, {'title': 'Chile: Instituto Oncologico Fundacion Arturo Lopez Perez (FALP) Golpeado con ransomware', 'id': 4468558058494053250}, {'title': 'Bolivia: Minera San Crist\xf3bal S.A, afectada por ransomware? el grupo Bashe reclama un rescate y filtra datos', 'id': 2032377835755402294}, {'title': 'Chile: Klap plataforma de pago es publicado en un foro de hacking por actor malicioso dice tener 158,795 datos.', 'id': 7282432470528731753}, {'title': 'Se confirma el ataque de ransomware akira a la Agencia Aduanera Browne.cl ', 'id': 7361480720066391578}, {'title': 'Update:Gunra Filtra los datos en la Dark Web de la licorera Varela Hermanos - Panam\xe1', 'id': 3462408777546039410}, {'title': 'Safepay ransomware activo en latinoam\xe9rica: Funeraria cali.losolivos.co, Centro M\xe9dico JockeySalud, Moto Mec\xe1nica Argentina S.A', 'id': 3586143683914647174}, {'title': 'Parte 2: Safepay ransomware libera informaci\xf3n robada de la Escuela Especializada en Ingenier\xeda ITCA-FEPADE en El Salvador.', 'id': 2972940980987668924}]}, {'title': 'Entradas del blog', 'type': 'Blog', 'sectionId': 'Content', 'id': 'Blog1', 'posts': [{'id': '5971215949862310762', 'title': 'Rwanda Rural Rehabilitation Initiative (RWARRI): 14,000 files exposed in Bucket (S3)', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3qklOEG_FXm8-LM56Ca-gWhcSDjzOa9k2STtZGPXK7zw6-01u_DO6neN4n1DExRe6EVknNtNUVILqXb_9PNDT7H4xsqZ3nsspuddukvmesoTpxa_1Pc0zX9e95ylB-iRDtBir2xNOgiwbW4lqn7oaN-MRKKXDHOMhO9c4IhtFVXku6ehlVD-ScX32i0M/w320-h320/l2zl7nkt_400x400.jpg', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'share', 'label': ''}, {'name': 'timestamp', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'comments', 'label': 'comments'}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'share', 'label': ''}, {'name': 'timestamp', 'label': ''}, {'name': 'comments', 'label': 'comments'}, {'name': 'labels', 'label': ''}]}, {'title': 'Puedes seguirnos en nuestras redes sociales', 'type': 'HTML', 'sectionId': 'sidebar', 'id': 'HTML3'}, {'title': 'Translate', 'type': 'HTML', 'sectionId': 'sidebar', 'id': 'HTML2'}, {'title': '', 'type': 'HTML', 'sectionId': 'sidebar', 'id': 'HTML1'}, {'title': 'Search', 'type': 'BlogSearch', 'sectionId': 'sidebar', 'id': 'BlogSearch51'}, {'title': '{ title: \x22Trending\x22, content: \x22trending\x22 }', 'type': 'PopularPosts', 'sectionId': 'sidebar', 'id': 'PopularPosts53', 'posts': [{'title': 'Negociaciones con el grupo de ransomware Akira: un enfoque desaconsejado', 'id': 9124550943780027656}, {'title': '-Update-Ciberataque:La Universidad Mayor atacada por el grupo Dire Wolf ransomware - Chile', 'id': 2146765111535097903}, {'title': 'Hack: Exclusivo The Crimson Collective afirma haber hackeado a Claro Colombia', 'id': 3615796226669920942}, {'title': 'Chile: Instituto Oncologico Fundacion Arturo Lopez Perez (FALP) Golpeado con ransomware', 'id': 4468558058494053250}, {'title': 'Bolivia: Minera San Crist\xf3bal S.A, afectada por ransomware? el grupo Bashe reclama un rescate y filtra datos', 'id': 2032377835755402294}, {'title': 'Chile: Klap plataforma de pago es publicado en un foro de hacking por actor malicioso dice tener 158,795 datos.', 'id': 7282432470528731753}, {'title': 'Se confirma el ataque de ransomware akira a la Agencia Aduanera Browne.cl ', 'id': 7361480720066391578}, {'title': 'Update:Gunra Filtra los datos en la Dark Web de la licorera Varela Hermanos - Panam\xe1', 'id': 3462408777546039410}, {'title': 'Safepay ransomware activo en latinoam\xe9rica: Funeraria cali.losolivos.co, Centro M\xe9dico JockeySalud, Moto Mec\xe1nica Argentina S.A', 'id': 3586143683914647174}, {'title': 'Parte 2: Safepay ransomware libera informaci\xf3n robada de la Escuela Especializada en Ingenier\xeda ITCA-FEPADE en El Salvador.', 'id': 2972940980987668924}]}, {'title': 'Example', 'type': 'HTML', 'sectionId': 'sidebar-post', 'id': 'HTML55'}, {'title': 'Example', 'type': 'HTML', 'sectionId': 'sidebar-page', 'id': 'HTML56'}, {'title': 'Modo', 'type': 'Text', 'sectionId': 'Filters', 'id': 'Text52'}, {'title': 'Orden', 'type': 'Text', 'sectionId': 'Filters', 'id': 'Text53'}, {'title': 'T\xe9rminos', 'type': 'BlogSearch', 'sectionId': 'Filters', 'id': 'BlogSearch52'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'footer-upper', 'id': 'HTML57'}, {'title': 'Footer links', 'type': 'PageList', 'sectionId': 'footer-lower', 'id': 'PageList52'}]}]);
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header51', 'header', document.getElementById('Header51'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList51', 'header', document.getElementById('PageList51'), {'title': 'Menu', 'links': [{'isCurrentPage': false, 'href': 'https://www.security-chu.com/', 'id': '0', 'title': 'Inicio'}, {'isCurrentPage': false, 'href': 'https://www.security-chu.com/p/quien-soy.html', 'id': '6582048975581469329', 'title': 'Quien Soy'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog99', 'Hero', document.getElementById('Blog99'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/617233519-lbx__es.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts52', 'upper', document.getElementById('PopularPosts52'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'Content', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/617233519-lbx__es.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML3', 'sidebar', document.getElementById('HTML3'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'sidebar', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'sidebar', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogSearchView', new _WidgetInfo('BlogSearch51', 'sidebar', document.getElementById('BlogSearch51'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts53', 'sidebar', document.getElementById('PopularPosts53'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML55', 'sidebar-post', document.getElementById('HTML55'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML56', 'sidebar-page', document.getElementById('HTML56'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_TextView', new _WidgetInfo('Text52', 'Filters', document.getElementById('Text52'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_TextView', new _WidgetInfo('Text53', 'Filters', document.getElementById('Text53'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogSearchView', new _WidgetInfo('BlogSearch52', 'Filters', document.getElementById('BlogSearch52'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML57', 'footer-upper', document.getElementById('HTML57'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList52', 'footer-lower', document.getElementById('PageList52'), {'title': 'Footer links', 'links': [{'isCurrentPage': false, 'href': 'https://www.security-chu.com/p/cookies.html', 'id': '6860183368756218029', 'title': 'Cookies'}, {'isCurrentPage': false, 'href': 'https://www.security-chu.com/p/politicas-de-privacidad.html', 'id': '5871657687021101664', 'title': 'Politicas de Privacidad'}, {'isCurrentPage': false, 'href': 'https://www.security-chu.com/p/aviso-legal.html', 'id': '5281408907494033200', 'title': 'Aviso Legal'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
</script>
</body>