Sign up for our newsletter
Technology / Cybersecurity

AWS clients alerted to security risks by researchers

AWS cloud storage users have received warnings from security researchers telling them that their private content has been exposed and that hackers could gain access imminently.

The warnings came combined with the advice to act upon the alert and secure the vulnerable information, with the messages varying in complexity.

Misconfiguration appears to be commonly to blame; recently 120,000 sets of FedEx customer data were left exposed due to an unsecured AWS S3 silo, a prime example of this problem.

This instance joins a catalogue of instances of vulnerability and data exposure related to AWS, with the cases involving Verizon and Uber standing out among the list.

White papers from our partners

AWS clients alerted to security risks by researchersA massive 14 million Verizon subscribers were exposed in 2017 due to an unsecured AWS S3 silo, leaving valuable information including PIN and phone numbers without protection. The repeat of these large-scale data exposures raises the question as to what can be done to promote better configuration and securing of AWS data silos.

Speaking to the BBC, a security researcher who extends warnings to organisations, Robbie Wiggins, said: “I’ve had a few responses ranging from monetary rewards to thanks. I’ve struggled with a good few, especially the government for Argentina.”

UK government backed smart meters could pose cyber risk – GCHQ
UK financial services failing to keep pace in global digital race
Cybersecurity fears not matched with risk management strategy

Mr Wiggins also revealed the extent of the widespread problem of unsecured data buckets, stating that he has listed 2,000 insecure data stores, the owners of which he is working to contact and warn. “Lots of buckets appear to been abandoned and forgotten about,” Wiggins said.

With levels of cyber fraud at an all-time high, hackers are increasingly eager to access large data caches, adding to the vast amount that the internet is already awash with. In the recent example of the AWS S3 silo related exposure of FedEx customer data, sensitive information including passport details and driving licenses were left publically available.


This article is from the CBROnline archive: some formatting and images may not be present.