News

BBC Finds Security Researchers Are Warning Users of Exposed AWS Data

• By David Ramel
• 02/26/2018

The BBC has reported that security researchers are leaving "friendly warnings" about exposed data stores on the Amazon Web Services Inc. (AWS) cloud computing platform.

AWS has been plagued by a series of reports about wide-open, unencrypted data stores -- often on the platform's S3 storage service -- that have led or could lead to data theft, ransomware attacks and more. The exposed data typically results from user configuration errors -- such as not applying encryption -- rather than inherent flaws in the AWS platform.

While some security firms have made hay by continually announcing new discoveries of unencrypted data stores, the UK-based BBC news service last week said it has found that security researchers have been discovering exposed data and warning the owners via messages posted to AWS servers.

"The BBC found almost 50 warnings posted to the firm's servers," the company announced. "Many had more than one warning uploaded to them. The messages urged owners to secure their information before it was stolen by malicious hackers."

An example warning reads:

Hello,
This is a friendly warning that your Amazon AWS S3 bucket settings are wrong.
Anyone can write to this bucket.
Please fix this before a bad guy finds it.

The BBC reiterated the spate of data vulnerabilities found on AWS servers that have been reported by AWSInsider.

"Over the last 18 months, Uber, Verizon, Alteryx, the WWE, U.S. defense contractor Booz Allen Hamilton, Dow Jones and three data mining companies have exposed data via misconfigured S3 buckets," the BBC said. "Between them the firms lost data covering the digital identities of hundreds of millions of people."

In the light of such vulnerabilities and attacks, AWS has increased its security guidance efforts, and an open source tool was published to help address the problem.