
AWS warns users about open S3 buckets

By Allie Coyne on Jul 19, 2017 2:50PM

Following Dow Jones bungle.

Amazon Web Services is contacting customers whose S3 buckets are configured to be freely accessible by anyone on the internet, asking them to review their access controls following the leak of two million Dow Jones user details.

This week cyber security firm UpGuard revealed the personal details of at least 2.2 million Dow Jones customers had been exposed online as a result of an unsecured S3 repository.

It said the number could be as high as 4 million. The data exposed included people's names, addresses, account information, email addresses, and the last four digits of their credit card numbers.

The data was stored in an AWS S3 bucket configured to allow access to 'authenticated users', which in AWS language means anyone with an AWS account, which is free to obtain.

Last week a similar data breach at US telco Verizon exposed 6 million customer records through an unprotected S3 server.

And in June, a trove of top secret data managed by government security contractor Booz Allen Hamilton was left accessible to the web through the same misconfiguration.

Emails circulated to AWS customers, sighted by iTnews, warn those with open access to S3 buckets to reconsider this configuration.

"We’re writing to remind you that one or more of your Amazon S3 bucket access control lists (ACLs) are currently configured to allow access from any user on the internet," the cloud giant said.

"While there are reasons to configure buckets with world read access, including public websites or publicly downloadable content, recently, there have been public disclosures by third parties of S3 bucket contents that were inadvertently configured to allow world read access but were not intended to be publicly available.

"We encourage you to promptly review your S3 buckets and their contents to ensure that you are not inadvertently making objects available to users that you don’t intend."

S3 access control lists can be changed through the management console or command line interface.

By default S3 buckets are set to allow read access only to the account owner.
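
An added example, not part of the iTnews report or the AWS email: a Python check that flags the two kinds of open grant described above ("any user on the internet" and "authenticated users") in ACL documents shaped like the output of `aws s3api get-bucket-acl`. The bucket names and owner ID are constructed sample data.

```python
# Predefined S3 grantee groups; these URIs are how an ACL names them.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
AUDIENCE = {
    ALL_USERS: "anyone on the internet",
    AUTH_USERS: "anyone with an AWS account",
}

def open_grants(acl):
    """Return (audience, permission) for each grant to a global group."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in AUDIENCE:
            found.append((AUDIENCE[grantee["URI"]], grant.get("Permission")))
    return found

def audit(acls):
    """Map bucket name -> open grants, leaving out owner-only buckets."""
    report = {}
    for bucket, acl in acls.items():
        grants = open_grants(acl)
        if grants:
            report[bucket] = grants
    return report

# Constructed sample data: bucket names and owner ID are made up.
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}
SAMPLE_ACLS = {
    "example-private": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
    "example-customer-data": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "READ"}]},
    "example-website": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE_ACP"}]},
}

if __name__ == "__main__":
    for bucket, grants in audit(SAMPLE_ACLS).items():
        for audience, permission in grants:
            print(f"{bucket}: {permission} open to {audience}")
        # Reset to the owner-only default once the exposure is confirmed unintended.
        print(f"  fix: aws s3api put-bucket-acl --bucket {bucket} --acl private")
```

The check covers ACLs only, the mechanism the AWS email refers to; bucket policies are a separate access path and need their own review.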
