To Top

Amazon S3 datastores left unsecured

Amazon S3 data centers

Amazon is by far one of the most popular hosting services on the internet, and probably one of the cheapest as well. I have a couple of servers myself with Amazon. But anyway, the services provided by Amazon Web Services are just really cool. And probably this is why a lot of social media sites, banking websites, game services and more are hosted on Amazon. And when you say a web hosting company, it needs to secure all these data centers with the most reliable technologies available.

But Amazon, by mistake probably, has failed to do that. Will Vandevanter, of Help Net Security, has made a discovery that thousands of Amazon S3 data buckets, as they are called, were not configured properly and just left there, on the servers, open for the public to get a piece of. The information made publicly available include personal details of thousands of people hosted by social networking services, sales records, video game source code and even unencrypted backups of databases.

Engadget writes, “Vandevanter started his probe by generating URLs using the names of major companies and sites that use Amazon’s cloud storage service. In the end he uncovered 12,328 of the so-called buckets — 1,951 of which were visible to the public.” And these folders made public are said to be homes for over 126 billion files, and that is a very, very big number.

By default, when you buy one of these data centers from Amazon, the accounts are set to private, so that you are the only one who can see all your files and data. And this means that the security on these data centers had to be flipped to public manually, which could have been an accident. Anyway, the company has responded by sending the owners of these data centers to check their settings once. So, if you have an Amazon S3 instance running somewhere, you better dig into your settings and check that your data is safe.

Source: Engadget

More in Tech News