Blog

Worst AWS Data Breaches of 2021

Table of Contents

Sonrai - Microchip processing data through computer

Data breaches remain a challenge despite an increase in cybersecurity awareness and investments. This past year, 2021, has been a particularly dire year for cloud breaches, with incidents taking down networks for weeks at a time, and disrupting business throughout the country.

While AWS is an increasingly adopted tool that enables enterprises to upload and distribute data with unmatched effectiveness, it comes with a unique set of vulnerabilities overlooked by users. Misconfigured S3 buckets can present serious risks to your cloud environment, often without you even realizing it. To get specific, public read access could lead to a data breach, while public write access can launch malware or encrypt data to hold your company ransom.

Attacks on these vulnerabilities don’t look like they are slowing down any time soon. Getting access to data, your company’s most valuable asset is big business. You have bad actors asking for ransom and selling data online with organizations and governments offering rewards to take down these cybercriminals.

In July, the State Department announced a $10 million reward for any information about hackers working for foreign governments aimed squarely at those participating in “malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act.” Following this effort, the US government put up a $15 million reward for tracking down the individuals in the DarkSide organization in August.

Happening simultaneously, 3.3 million Volkswagen & Audi records were for sale online. An unnamed marketing services company was responsible for the breach of these Volkswagen and Audi customers and prospects in Canada and the U.S., because of unsecured data.

These were just a few of the top examples from 2021. Below we highlight a few of last year’s most notable breaches.

This Year’s Top Data Breaches in AWS:

Organization: Twitch

Date reported: 10/6/2021

Number of records: 128GB

What happened? Twitch exposed data to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.

Organization: Cosmology Kozmetik

Date reported: 6/17/2021

Number of individuals affected: 20GB with 567,000 unique individuals

What happened? Famous Turkish beauty brand, Cosmolog Kozmetik, suffered a leak in its Amazon S3 bucket. Thousands of Excel spreadsheets of unique individuals who made purchases from the supplier across numerous e-commerce platforms.

Organization: PeopleGIS

Date reported: 7/22/2021

Number of individuals affected: 1,000GB with more than 1.6 million files.

What happened? Mapsonline.net, provided by an American company named PeopleGIS stored data of US municipalities in several misconfigured Amazon S3 buckets.

Organization: Premier Diagnostics

Date reported: 1/25/21

Number of individuals affected: 50,000 patients

What happened? Premier Diagnostics Utah COVID-19 testing service exposed thousands of ID scans, including driver’s licenses, medical insurance cards, passports, and other IDs, on the web without a password or any other authentication required to access it.

Organization: SeniorAdvisor

Date reported: 8/6/21

Number of individuals affected: 3 million individuals

What happened? A misconfigured Amazon S3 bucket exposed details of over 3 million senior citizens including individuals’ names, numbers, and email addresses.

Organization: Reindeer

Date reported: 8/3/21

Number of individuals affected: 32 GB

What happened? Reindeer, which was out of business, left its Amazon S3 bucket open to the public, leading to the catastrophic leak of 50,000 files totalling 32 GB. The leak impacted 306,000 people.

Organization: Twillo

Date reported: 5/5/21

Number of individuals affected: Unknown

What happened? Twillo is the world’s leading cloud communication platform as a service company. They suffered a breach after a bad actor gained read and write access to a misconfigured AWS S3 bucket.

—

In summary, a majority of recent high-profile cloud breaches involved misconfiguration, low visibility, and privilege abuse as the leading causes of cyberattacks. These platform vulnerabilities have subjected enterprises to cyberattacks from insider threats, weak authentication, and third-party access, leading to severe financial and human implications.

Modern enterprises require a shift in cloud security strategy that emphasizes improved configuration procedures, management of proliferating identities and entitlements, and streamlined data classification.