Security News > 2022 > November > Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data
2022-11-16 13:04

Hundreds of databases on Amazon Relational Database Service are exposing personal identifiable information, new findings from Mitiga, a cloud incident response company, show.

Amazon RDS is a web service that makes it possible to set up relational databases in the Amazon Web Services cloud.

The root cause of the leaks stems from a feature called public RDS snapshots, which allows for creating a backup of the entire database environment running in the cloud and can be accessed by all AWS accounts.

"Make sure when sharing a snapshot as public that none of your private information is included in the public snapshot," Amazon cautions in its documentation.

"When a snapshot is shared publicly, it gives all AWS accounts permission both to copy the snapshot and to create DB instances from it."

It's highly recommended that RDS snapshots are not publicly accessible in order to prevent potential leak or misuse of sensitive data or any other kind of security threat.


News URL

https://thehackernews.com/2022/11/researchers-discover-hundreds-of-amazon.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Amazon 64 9 60 39 13 121