Security News > 2020 > September > Google Cloud Buckets Exposed in Rampant Misconfiguration

Six percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents.

In a survey of 2,064 Google Cloud buckets by Comparitech, 131 of them were found to be vulnerable to unauthorized access by users who could list, download and/or upload files.

Google Cloud database names must be between three and 63 characters, and contain only lowercase letters, numbers, dashes, underscores and dots, with no spaces; and, names must start and end with a number or letter.

While the analysis covered Google Cloud buckets only, the misconfiguration issue extends to other platforms; Amazon's S3 buckets for instance are the most popular means for apps, websites and online services to store data in the cloud, and are also often found to be exposed.

"Given increased reliance on cloud hosted systems and decentralized systems, it is incredibly important that IT and security teams educate themselves on the various access control settings for the cloud services they use," Joe Moles, vice president of customer security operations at Red Canary, said via email.

News URL

https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/