Information Security News mailing list archives

Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 4 Aug 2020 05:49:08 +0000 (UTC)

https://www.theregister.com/2020/08/03/leaky_s3_buckets/

By Shaun Nichols in San Francisco
The Register
3 Aug 2020

The massive amount of exposed data on misconfigured AWS S3 storage buckets is a catastrophic network breach just waiting to happen, say experts.

The team at Truffle Security says its automated search tools were able to stumble across some 4,000 open Amazon S3 buckets that included data companies would not want public, things like login credentials, security keys, and API keys.

In fact, the leak hunters say that the exposed data was so common, they were able to count an average of around 2.5 pieces of 'secret' data in each file they analyzed. In some cases, more than 10 secrets were found in a single file. These included SQL Server passwords, Coinbase API keys, MongoDB credentials, and logins for other AWS buckets that actually were configured to ask for a password.

That the Truffle Security team was able to turn up roughly 4,000 insecure buckets with private information shows just how common it is for companies to leave their cloud storage instances unguarded.

[...]


