https://www.theregister.com/2020/08/03/leaky_s3_buckets/
By Shaun Nichols in San Francisco
The Register
3 Aug 2020
The massive amount of exposed data on misconfigured AWS S3 storage
buckets is a catastrophic network breach just waiting to happen, say
experts.
The team at Truffle Security says its automated search tools were able to
stumble across some 4,000 open Amazon S3 buckets that included data
companies would not want public, things like login credentials, security
keys, and API keys.
In fact, the leak hunters say that the exposed data was so common, they
were able to count an average of around 2.5 pieces of 'secret' data in
each file they analyzed. In some cases, more than 10 secrets were found in
a single file. These included SQL Server passwords, Coinbase API keys,
MongoDB credentials, and logins for other AWS buckets that actually were
configured to ask for a password.
That the Truffle Security team was able to turn up roughly 4,000 insecure
buckets with private information shows just how common it is for companies
to leave their cloud storage instances unguarded.
[...]