Inadvertent database exposure continues to be a major risk for organizations. Security professionals are concerned about their database security as employees are now working remotely. Security researchers Noam Rotem and Ran Locar from vpnMentor uncovered an unsecured AWS S3 bucket containing over 5.5 million files (around 343GB in size) exposed online.
Multiple Organizations’ Data at Risk
The researchers stated that the major data in the server belongs to a U.S.-based project management firm InMotionNow. The other organizations whose data was found in the unsecured S3 bucket include: Universities like Kent State in Ohio and Purdue in Indiana, cybersecurity firm ISC2.org, insurance company Brotherhood Mutual, Potawatomi Hotel & Casino in Milwaukee, public limited companies like Zagg & Myriad Genetics, and a non-profit organization Freedom Forum Institute.
According to vpnMentor researchers, the exposed data included analytics reports, internal presentations like company strategy, annual revenue amounts, and current customer count; training materials, internal client requests like requester name, project name and details; marketing strategies and collateral, product labels; and business intelligence reports. In addition, the database also exposed email addresses and mailing lists with relevant personally identifiable information (PII) related to universities including full names, donation amounts, physical addresses, contact details, and the credentials of donors.
The leaky database was secured after vpnMentor notified all the organizations affected in the security incident.
How to Secure an Open S3 Bucket
vpnMentor researchers also recommended some basic security measures to protect the S3 bucket. These include:
- Make the bucket private and add authentication protocols
- Follow AWS access and authentication best practices
- Add more layers of protection to the S3 bucket to further restrict who can access it from every point of entry
“It is important to note that open, publicly viewable S3 buckets are not a flaw of AWS. They’re usually the result of an error by the owner of the bucket,” the researchers said.
Misconfigurations Increase Data Leaks
A cloud security survey by cybersecurity firm Sophos revealed that 70% of organizations suffered at least one public cloud security breach in 2019, with misconfigurations exploited in 66% of reported attacks. The survey report titled “The State of Cloud Security 2020” stated that 50% of organizations that use multi-cloud environments are more likely to suffer a cloud security incident than those using a single cloud. Besides, 33% of organizations reported that attackers gained access through stolen cloud provider account credentials. A quarter of organizations stated that managing access to cloud accounts is a primary concern to them. Nearly 96% of respondents admitted that they face issues with their current level of cloud security, while 44% of respondents reported data breaches are the top security concern. Only 1 in 4 respondents stated lack of staff expertise as a top concern.