On January 7, 2020, an unsecured Amazon S3 bucket was leaking data for over 30,000 individuals. Owned by a large cannabis company, the S3 bucket held over 85,000 records that included sensitive (PII) Personally Identifiable Information. The leak was discovered by a research team during a large-scale web mapping project. The cannabis company was notified by the research team two days after the data breach occurred on the 7th of January who then forwarded the report to AWS who quickly closed the database on January 14th.
Exposing PHI (Protected Health Information) is a federal crime. This results in serious concern for both the company and the individuals whose information was compromised. Had it not been for the research team accidentally stumbling across anomalous activity, the leak could have been truly catastrophic. The Amazon S3 bucket owned by the retailer was unsecured and unencrypted. Cloud strategies are crucial to any business trying to scale, however common security best practices are necessary in order to properly secure an environment.
This particular data breach was caused by a lack of employee education, failure to implement security measures, and a failure to establish contingencies. Employees need to understand security policies and familiarize themselves with cloud settings and permissions. A process should be set for identifying issues and following up on them in a timely manner. Also, a disaster recovery plan as well as additional layers of security, like two factor authentication, is helpful when dealing with potentially compromised data, especially on a large scale.
Monitoring accounts for unauthorized identities would also prove helpful in this situation. Creating timely reports for anomalous behavior on unauthorized identities tied to an alert can help the team prioritize potential concerns and address them accordingly. An unsecure Amazon S3 bucket is something that should not go unnoticed for very long. The contents of the leak were too large to comb through all records, but luckily, the ones that were checked contained no private information.
Each group of files on Amazon S3 have to be contained in a bucket and each bucket has to have a unique name across the system. This means that it is possible to brute force names, by running a script. This is an easy way to run a fast query and understand if any S3 buckets are unsecure or leaking data. Scripts can also be run to check for public S3 buckets that should be private. Having dedicated personnel to ensure the security of the cloud environment internally and utilizing the proper tools to block code promotion is crucial to avoiding data breaches. Businesses, such as this healthcare and life science org, should look into investing in the right public cloud tools.
Read more about the Amazon S3 bucket data breach on Newsweek.