View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 20, 2018

AWS clients alerted to security risks by researchers

Misconfiguration is often at the root of AWS silo data exposures, but what can be done to reduce the commonality of this problem?

By Tom Ball

AWS cloud storage users have received warnings from security researchers telling them that their private content has been exposed and that hackers could gain access imminently.

The warnings came combined with the advice to act upon the alert and secure the vulnerable information, with the messages varying in complexity.

Misconfiguration appears to be commonly to blame; recently 120,000 sets of FedEx customer data were left exposed due to an unsecured AWS S3 silo, a prime example of this problem.

This instance joins a catalogue of instances of vulnerability and data exposure related to AWS, with the cases involving Verizon and Uber standing out among the list.

AWS clients alerted to security risks by researchersA massive 14 million Verizon subscribers were exposed in 2017 due to an unsecured AWS S3 silo, leaving valuable information including PIN and phone numbers without protection. The repeat of these large-scale data exposures raises the question as to what can be done to promote better configuration and securing of AWS data silos.

Speaking to the BBC, a security researcher who extends warnings to organisations, Robbie Wiggins, said: “I’ve had a few responses ranging from monetary rewards to thanks. I’ve struggled with a good few, especially the government for Argentina.”

UK government backed smart meters could pose cyber risk – GCHQ
UK financial services failing to keep pace in global digital race
Cybersecurity fears not matched with risk management strategy

Mr Wiggins also revealed the extent of the widespread problem of unsecured data buckets, stating that he has listed 2,000 insecure data stores, the owners of which he is working to contact and warn. “Lots of buckets appear to been abandoned and forgotten about,” Wiggins said.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

With levels of cyber fraud at an all-time high, hackers are increasingly eager to access large data caches, adding to the vast amount that the internet is already awash with. In the recent example of the AWS S3 silo related exposure of FedEx customer data, sensitive information including passport details and driving licenses were left publically available.

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.