Detecting Leaky AWS Buckets

Experts Warn Too Often AWS S3 Are Misconfigured, Leak Data by Tom Spring.

From the post:

A rash of misconfigured Amazon Web Services storage servers leaking data to the internet have plagued companies recently. Earlier this week, data belonging to anywhere between six million and 14 million Verizon customers were left on an unprotected server belonging to a partner of the telecommunications firm. Last week, wrestling giant World Wide Entertainment accidentally exposed personal data of three million fans. In both cases, it was reported that data was stored on AWS S3 storage buckets.

Reasons why this keeps on happening vary. But, Detectify Labs believes many leaky servers trace back to common errors when it comes to setting up access controls for AWS Simple Storage Service (S3) buckets.

In a report released Thursday, Detectify’s Security Advisor Frans Rosén said network administrators too often gloss over rules for configuring AWS’ Access Control Lists (ACL) and the results are disastrous.

Jump to the report released Thursday for the juicy details.

Any thoughts on the going rate for discovery of leaky AWS buckets?

Could be something, could be nothing.

In any event, you should be checking your own AWS buckets.

Leave a Reply

You must be logged in to post a comment.