Leaky AWS S3 buckets are so common, they're being found by the thousands now – with lots of buried secrets
2020-08-03 23:47

Misconfigured AWS S3 storage buckets exposing massive amounts of data to the internet are like an unexploded bomb just waiting to go off, say experts.

The team at Truffle Security said its automated search tools were able to stumble across some 4,000 open Amazon-hosted S3 buckets that included data that companies would not want public, such as login credentials, security keys, and API keys.

These credentials included SQL Server passwords, Coinbase API keys, MongoDB credentials, and logins for other AWS buckets that actually were configured to ask for a password.

Truffle says it is trying to get the affected companies notified, or at least have the leaky buckets taken offline by AWS. "We did hundreds of disclosures, and partnered with providers in some cases to get keys revoked for buckets where we couldn't identify owners," the team explained this month.

"It's probably fair to assume authenticated buckets contain more secrets than unauthenticated ones, due to the implied higher security bar authentication provides. This means attackers can likely use the first round of buckets to find keys that unlock an additional round of buckets and expose more keys, which could expose more buckets, etc," explained the Truffle team.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/03/leaky_s3_buckets/