Don’t leave your Amazon S3 buckets exposed

As long as you know the right URL, anyone with access to the internet could retrieve all the data that was left online by marketing analytics company Alteryx. This is the second major exposure of data stored and improperly managed in the Amazon Web Services S3 storage service.

In the Alteryx case, it was apparent that the firm had purchased the information from Experian, as part of a data set called ConsumerView. Alteryx uses this data to provide marketing and analytics services. It put the data in AWS S3—and forgot to lock the door.

In November, files detailing a secret US intelligence collection program were leaked in the same manner, also stored in S3. The program, led by US Army Intelligence and Security Command, a division of the National Security Agency, was supposed to help the Pentagon get real-time information about what was happening on the ground in Afghanistan in 2013 by collecting data from US computer systems on the ground. Much as in the Alteryx case, the data was exposed by a misconfigured S3 bucket.

To read this article in full, please click here

from InfoWorld Cloud Computing http://ift.tt/2kYvzLf
via IFTTT

Advertisements