Security News > 2023 > December > Android game dev’s Google Drive misconfig highlights cloud security risks

Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months.
Setting Google Drive to "Anyone with the link can view" makes it viewable only to those with the exact URL, typically reserved for collaboration between people working with non-sensitive data.
While it's unlikely that anyone found an exposed Google Drive URL on their own, this notification demonstrates a need for companies to properly secure their cloud services to prevent data from being mistakenly exposed.
It is very common for threat actors and researchers to find exposed cloud services, such as databases and storage buckets, and download the data contained in them.
In 2017, security researcher Chris Vickery found misconfigured Amazon S3 buckets exposing databases containing 1.8 billion social and forum posts made by users worldwide.
Ten days later, the same researcher discovered another misconfigured S3 bucket that exposed what appeared to be classified information from INSCOM. While those breaches were responsibly disclosed, other cloud service misconfigurations have led to the data being leaked or sold on hacker forums.
News URL
Related news
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Balancing cloud security with performance and availability (source)
- Avoiding vendor lock-in when using managed cloud security services (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Why multi-cloud security needs a fresh approach to stay resilient (source)
- Cloud security gains overshadowed by soaring storage fees (source)
- Cloud security explained: What’s left exposed? (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)