Printed from http://www.electronista.com

Researcher finds unsecured photos, data on Amazon S3 storage

updated 07:56 am EDT, Thu March 28, 2013

One in six data buckets found to be publicly viewable

An investigation into Amazon's Simple Storage Service (S3) discovered a sixth of data stores, known as buckets, on the service are left open to public viewing. Further examination showed that a number of items on open display were of a sensitive nature, including source code for mobile games, user log-in details, and various other items of personal information.

The investigation by Will Vandevanter of security firm Rapid 7, published by Help Net Security, used a script to generate URLs based on the names of businesses that use Amazon S3, discovering 12,328 buckets in total. While 10,377 buckets were listed as private and not viewable, 1,951 were not only public, but the service provided a list of the first 1,000 objects stored in each discovered bucket.

Data recovered from the public buckets ranged from "personal photos from a medium-sized social media service," to "Employee personal information and member lists across various spreadsheets." PHP source code found in one bucket contained configuration files that held usernames and passwords. Roughly 60-percent of the file listings were of images, with a number of found text-based documents using the term "Confidential" or "Private" in various parts.

By default, Amazon S3 sets buckets to be private. By the nature of buckets becoming public, it had to be altered by the owner of the bucket, be it on purpose or by accident. Even so, Amazon is taking steps to warn users about the issue, as well as working to identify misconfigured buckets in the future.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Cat B100

Cat is primarily known for its heavy-duty machinery used in the construction industry and farming, among other areas. What may not be ...

Linksys EA6900 AC Router

As 802.11ac networking begins to makes its way into more and more devices, you may find yourself considering an upgrade for your home ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

Sponsor

toggle

Most Commented

 
toggle

Popular News