iTnews

AWS warns users about open S3 buckets

By Allie Coyne on Jul 19, 2017 2:50PM
AWS warns users about open S3 buckets

Following Dow Jones bungle.

Amazon Web Services is contacting customers with S3 buckets that are configured to be freely accessed by anyone on the internet to review access controls following the leak of two million Dow Jones user details.

This week cyber security firm UpGuard revealed the personal details of at least 2.2 million Dow Jones customers had been exposed online as a result of an unsecured S3 repository.

It said the number could be as high as 4 million. The data exposed included people's names, addresses, account information, email addresses, and the last four digits of their credit card numbers.

The data was stored in an AWS S3 bucket configured to allow access to 'authenticated users', which in AWS language means anyone with an AWS account, which is free to obtain.

Last week a similar data breach at US telco Verizon exposed 6 million customer records through an unprotected S3 server.

And in June, a trove of top secret data managed by government security contractor Booz Allen Hamilton was left accessible to the web through the same misconfiguration.

Emails circulated to AWS customers, sighted by iTnews, warns those with open access to S3 buckets to reconsider this configuration.

"We’re writing to remind you that one or more of your Amazon S3 bucket access control lists (ACLs) are currently configured to allow access from any user on the internet," the cloud giant said.

"While there are reasons to configure buckets with world read access, including public websites or publicly downloadable content, recently, there have been public disclosures by third parties of S3 bucket contents that were inadvertently configured to allow world read access but were not intended to be publicly available.

"We encourage you to promptly review your S3 buckets and their contents to ensure that you are not inadvertently making objects available to users that you don’t intend."

S3 access control lists can be changed through the management console or command line interface.

By default S3 buckets are set to allow read access only to the account owner.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
aws cloud s3 security server storage

Partner Content

Rethinking security and access for hybrid work
Partner Content Rethinking security and access for hybrid work
Changing the game with IMMERSION
Partner Content Changing the game with IMMERSION
Setting a digital trajectory for Victoria's courts system
Partner Content Setting a digital trajectory for Victoria's courts system
Communication critical to CSV digital transformation, says PwC
Partner Content Communication critical to CSV digital transformation, says PwC

Sponsored Whitepapers

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Future of work: Support your distributed HR workforce with digital document processes
Future of work: Support your distributed HR workforce with digital document processes
Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights

Events

  • Nutanix .NEXT Conference
By Allie Coyne
Jul 19 2017
2:50PM
0 Comments

Related Articles

  • Aussie 'buy now, pay later' player Zip scales and matures its IT and security
  • EU bodies' use of Amazon, Microsoft cloud services faces privacy probes
  • CBA builds container-as-a-service platform on AWS, Kubernetes stack
  • Microsoft, Amazon, Cisco, Salesforce alarmed at security incident response takeover by govt
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac replaces branch phone systems with iPhones, Teams Calling
Australia Post nears end of massive telco transformation

Australia Post nears end of massive telco transformation
Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics
NBN Co to charge free fibre recipients that don't stick with higher speed plans

NBN Co to charge free fibre recipients that don't stick with higher speed plans
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.