Security News > 2023 > December > Android game dev’s Google Drive misconfig highlights cloud security risks
Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months.
Setting Google Drive to "Anyone with the link can view" makes it viewable only to those with the exact URL, typically reserved for collaboration between people working with non-sensitive data.
While it's unlikely that anyone found an exposed Google Drive URL on their own, this notification demonstrates a need for companies to properly secure their cloud services to prevent data from being mistakenly exposed.
It is very common for threat actors and researchers to find exposed cloud services, such as databases and storage buckets, and download the data contained in them.
In 2017, security researcher Chris Vickery found misconfigured Amazon S3 buckets exposing databases containing 1.8 billion social and forum posts made by users worldwide.
Ten days later, the same researcher discovered another misconfigured S3 bucket that exposed what appeared to be classified information from INSCOM. While those breaches were responsibly disclosed, other cloud service misconfigurations have led to the data being leaked or sold on hacker forums.
News URL
Related news
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Reducing the cloud security overhead (source)
- Harnessing the Power of CTEM for Cloud Security (source)
- Exposing the top cloud security threats (source)
- The first steps of establishing your cloud security strategy (source)
- eBook: Cloud security skills (source)
- How to Find and Fix Risky Sharing in Google Drive (source)
- Leveraging AI and automation for enhanced cloud communication security (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Drozer: Open-source Android security assessment framework (source)