Exposed Amazon S3 Bucket Causes Breach

Author: Sonrai Security Marketing | Date: January 24, 2020

On January 7, 2020, an unsecured Amazon S3 bucket was leaking data belonging to over 30,000 individuals. Owned by a large cannabis company, the S3 bucket held over 85,000 records that included sensitive Personally Identifiable Information (PII). The leak was discovered by a research team during a large-scale web mapping project. The cannabis company was notified by the research team two days after the data breach occurred on January 7; the report was then forwarded to AWS, which quickly closed the database on January 14.

Exposing PHI (Protected Health Information) is a federal crime. This raises serious concern for both the company and the individuals whose information was compromised. Had it not been for the research team accidentally stumbling across anomalous activity, the leak could have been truly catastrophic. The Amazon S3 bucket owned by the retailer was unsecured and unencrypted. Cloud strategies are crucial to any business trying to scale; however, common security best practices are necessary in order to properly secure an environment.

This particular data breach was caused by a lack of employee education, a failure to implement security measures, and a failure to establish contingencies. Employees need to understand security policies and familiarize themselves with cloud settings and permissions. A process should be set for identifying issues and following up on them in a timely manner. A disaster recovery plan and additional layers of security, like two-factor authentication, are also helpful when dealing with potentially compromised data, especially on a large scale.

Monitoring accounts for unauthorized identities would also prove helpful in this situation. Timely reports on anomalous behavior by unauthorized identities, tied to an alert, can help the team prioritize potential concerns and address them accordingly. An unsecured Amazon S3 bucket is something that should not go unnoticed for very long. The contents of the leak were too large to comb through all records, but luckily, the ones that were checked contained no private information.

Each group of files on Amazon S3 has to be contained in a bucket, and each bucket has to have a unique name across the system. This means that it is possible to brute force names by running a script. This is an easy way to run a fast query and understand if any S3 buckets are unsecured or leaking data. Scripts can also be run to check for public S3 buckets that should be private. Having dedicated personnel to ensure the security of the cloud environment internally and utilizing the proper tools to block code promotion is crucial to avoiding data breaches. Businesses, such as this healthcare and life science org, should look into investing in the right public cloud tools.
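
As an added illustration of the check for public buckets that should be private (this is not Sonrai's or the researchers' code), the sketch below decides whether a bucket in your own account is publicly reachable from its ACL, bucket policy and Public Access Block settings. The dictionary shapes mirror the responses of S3's GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock calls; the function name `public_findings`, the sample data and the no-Condition rule are assumptions made for the example.

```python
import json

# Predefined S3 grantee groups that make an ACL grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def public_findings(acl, policy_json, pab):
    """Return the reasons a bucket is publicly reachable (empty list if none).
    Assumption: an Allow with a wildcard principal is public only without a Condition."""
    findings = []
    # IgnorePublicAcls neutralises existing public grants; BlockPublicAcls only stops new ones.
    if not pab.get("IgnorePublicAcls"):
        for grant in acl.get("Grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append("acl:" + grant.get("Permission", "?"))
    # RestrictPublicBuckets cuts off anonymous access granted by a public policy.
    if policy_json and not pab.get("RestrictPublicBuckets"):
        stmts = json.loads(policy_json).get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if s.get("Effect") == "Allow" and _wildcard(s.get("Principal")) and not s.get("Condition"):
                actions = s.get("Action", [])
                findings.append("policy:" + ",".join([actions] if isinstance(actions, str) else actions))
    return findings

# Constructed sample inputs (not taken from the incident).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
PAB_OFF = {}  # no Public Access Block configured
PAB_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for pab in (PAB_OFF, PAB_ON):
        print(public_findings(SAMPLE_ACL, SAMPLE_POLICY, pab))
```

A bucket that returns findings with `BlockPublicAcls` set but `IgnorePublicAcls` unset is the case to watch for: the block setting stops new public grants without removing the effect of ones already in place.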

Read more about the Amazon S3 bucket data breach on Newsweek.
