"AWS S3 buckets are secure by default, so in the absence of a targeted attack by a cybercriminal, which cannot necessarily be ruled out in this instance, their contents can only be revealed through error or negligence on the part of Prestige Software. Also, AWS provides detailed information on keeping S3 buckets secure.
This raises the question of why such breaches are quite so comically common – indeed, according to Sonrai Security CEO Brendan Hannigan, misconfigurations are the number one cause of a public cloud breach. But, he adds, the reasons for this are perhaps somewhat understandable.
“Exploding complexity, especially around identity and data access, is leading to human error and unintentional exposure,” said Hannigan.
“We have found unintended and mistaken data exposure when onboarding new customers with many datasets containing PII. This means data breaches, such as an exposed S3 bucket, are just the tip of the iceberg.”