amazon S3, leaky bucket, exposed information, ImageQuest

After the Capital One hack of exposed customer data this summer, researchers found more Amazon Cloud accounts exposing client data.

The latest, a cache of more than 750,000 birth certificates, plus a recent discovery of a cache of cell phone bills, continued the parade of data exposures on Amazon’s cloud.

The exposure of US birth certificate applications appears to be tied to a lack of a password, TechCrunch reported.

Amazon has described other exposures as “misconfigurations.”

Devops.com says there are eight ways to “misconfigure” data buckets on Amazon’s web. They are technical, and you can read more here.

Part of the problem, according to Devops, is that Amazon’s S3 (Amazon Simple Storage Service) is one of the oldest services in Amazon’s cloud offerings. It relies on older coding language for policies, and can be confusing to manage.

An AWS director even said in London he wished Amazon could go back to 2006 and redesign S3.

While Amazon has pinned fault on its customers’ configurations, the company also released on Dec. 2 a new tool aimed at preventing these exposures. The software is called “Access Analyzer for S3.”

“Access Analyzer for S3 is a new feature that monitors your access policies, ensuring that the policies provide only the intended access to your S3 resources,” the company said in a release. “Access Analyzer for S3 evaluates your bucket access policies and enables you to discover and swiftly remediate buckets with potentially unintended access.”

Amazon says this new tool is available for free in most regions except some regions in China.

If you are using S3 for cloud storage of your business data, you need to review your configurations ASAP and seek out the new tool.

Or you can call us and let us protect your data safely!