Login
Sonrai Security website logo for identity and data governance and cloud security

Data Breach Found From Engineer Misstep

Author: Sonrai Security Marketing | Date: January 27, 2020
Read Time: 3 minutes
Cloud Security Data Breach Blog image from Sonrai Security
Data breach crisis and private personal information break as an internet digital technology security concept for computing theft risk with 3D illustration elements.

On January 13, 2020 at an enterprise company headquartered in Mountain View, CA, a Vice President of Product noticed something a bit out of the ordinary in his AWS environment. He followed the breadcrumbs to realize an AWS engineer had sent a gigabyte of data to his personal GitHub account. Five hours might not seem like a long time but to a malicious actor, five hours is more than enough. Luckily, for this Vice President of Product not all actors are malicious, sometimes data leaks or a data breach can occur by mistake.

The data breach was not massive - only about a gigabyte of data was leaked; however, it’s not always the size that matters, it's the content. This particular data set mostly contained access keys for various cloud services, collections of authentication tokens, and API’s for third party providers. The VP, in this case, was diligent and responded to an alert of suspicious activity timely, allowing the risk to be mitigated and resolved fairly quickly. It was discovered due to his due diligence. He noticed obscure file names, “Rootkey” and “Amazon Confidential”. The discovery was not easy to spot and the credit here definitely falls on this VP of Product.

This particular breach would be classified under human error leading to a misconfiguration. Everyone makes mistakes, but it’s important to set up an environment which allows for mitigation of these mistakes as they occur. In this case, this particular human error occurred because an AWS engineer had committed about a gigabyte of data to his personal GitHub repository. This was likely a case of mislabeled and misclassified data. The repository this data was downloaded from was structured as general storage and contained AWS resource templates and log files. Coming from central storage - the data should have been more secured. This also could be a strong case for over permissioned identities. The AWS engineer should not have been prohibited from downloading the data to his personal repository. The breach could have also been prevented by utilizing S3 buckets. S3 buckets and objects are private; allowing only the resource owner and the AWS account bucket creator to access their bucket and its contents. The resource owner can, however, choose to grant access permissions to other resources and users, making it a safe and secure option for housing data.

The shared responsibility model went a long way in making sure this issue was dealt with effectively and efficiently. Even in a so-called perfect environment, mistakes can occur. The ability of this VP to receive and notice the foul play and act on it in a timely manner was crucial to mitigate the risk. Too often in these situations we see companies battling alert fatigue and do not address high priority issues in a timely fashion. It is always beneficial for an organization to monitor remediation of non-person identities to ensure risk mitigation across the environment.

To learn more about this cloud data breach, read the Security Boulevard article.

5 notorious cloud data breaches

You Might Also Like

Lessons We Learned From The CIA Data Breach

CIA cyber weapons were stolen in 2016 in a historic breach due to 'woefully lax security,' according to a story pub[...]

Read More

Why the Capital One Breach Will Not Deter the Unstoppable Growth of Public Cloud

The Capital One loss of credit card applications for 106 million people is a sobering reminder that complexity stif[...]

Read More

Why the Capital One Breach Will Not Deter the Unstoppable Growth of Public Cloud

The Capital One loss of credit card applications for 106 million people is a sobering reminder that complexity stif[...]

Read More
© 2020 Sonraí Security. All rights reserved | Privacy Policy
Sonrai Security cloud security platform, products and services are covered by U.S. Patent No. 10,728,307, together with other domestic and international patents pending. All rights are reserved.
magnifier