The cloud isn’t looking so great lately with this latest news from Amazon. Rapid7 an internet security company did some “testing” on Amazons Simple Storage Service (S3) and found thousands of exposed accounts containing over 126 billion files.
Some specific examples of the data found are listed below:
- Personal photos from a medium-sized social media service
- Sales records and account information for a large car dealership
- Affiliate tracking data, click-through rates, and account information for an ad company’s clients
- Employee personal information and member lists across various spreadsheets
- Unprotected database backups containing site data and encrypted passwords
- Video game source code and development tools for a mobile gaming firm
- PHP source code including configuration files, which contain usernames and passwords
- Sales “battlecards” for a large software vendor.
This isn’t a risk directly created by Amazon, they simply provide the tools to leave your account open to the public. Approximately 1 in 6 accounts are left open. The way it works is more of a flaw in the system design. There is a better way to allow people to leave files open to the public while keeping their private data secure. Simple Storage Service might be an accurate name for Amazon’s cloud as it takes a great level of design complexity to protect users, complexity that their simple service seems to be currently lacking.
Source: Net Security