
Worst AWS Data Breaches of 2021

Author: Eric Kedrosky | Date: December 29, 2021
Read Time: 3 minutes
Skill Level: Learner

Data breaches remain a challenge despite an increase in cybersecurity awareness and investments. This past year, 2021, has been a particularly dire year for AWS-related data breaches, with incidents taking down networks for weeks at a time, and disrupting business throughout the country.

While AWS is an increasingly adopted tool that enables enterprises to upload and distribute data with unmatched effectiveness, it comes with a unique set of vulnerabilities that users overlook. Misconfigured S3 buckets can present serious risks to your cloud environment, often without you even realizing it. To get specific, public read access could lead to a data breach, while public write access can be used to plant malware or to encrypt data and hold your company to ransom.
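An added example (not from the original article or from Sonrai's tooling) that separates the two exposures described above. It inspects a bucket's ACL grants and bucket policy, in the JSON shapes the S3 API returns, and reports whether they give the public read access, write access, or both. The sample ACL, policy and bucket name are constructed, and skipping conditioned statements is a simplifying assumption.

```python
import json

# Group URIs that S3 ACLs use for "everyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def acl_exposure(grants):
    """Return the subset of {'read', 'write'} that ACL grants give to public groups."""
    found = set()
    for grant in grants:
        if grant.get("Grantee", {}).get("URI") not in PUBLIC_GROUPS:
            continue
        if grant["Permission"] in ("READ", "FULL_CONTROL"):
            found.add("read")
        if grant["Permission"] in ("WRITE", "WRITE_ACP", "FULL_CONTROL"):
            found.add("write")
    return found

def policy_exposure(policy):
    """Return the subset of {'read', 'write'} that Allow statements give to Principal '*'."""
    found = set()
    for st in _as_list(policy.get("Statement", [])):
        p = st.get("Principal")
        public = p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))
        # Assumption: statements with a Condition are left for manual review.
        if st.get("Effect") != "Allow" or not public or st.get("Condition"):
            continue
        for action in _as_list(st.get("Action", [])):
            a = action.lower()
            if a in ("*", "s3:*"):
                found |= {"read", "write"}
            elif a.startswith(("s3:get", "s3:list")):
                found.add("read")
            elif a.startswith(("s3:put", "s3:delete")):
                found.add("write")
    return found

# Constructed sample input: a public-read ACL grant and a public read/write policy.
SAMPLE_ACL = [{"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
SAMPLE_POLICY = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                           '"Principal": "*", "Action": ["s3:GetObject", "s3:PutObject"], '
                           '"Resource": "arn:aws:s3:::example-bucket/*"}]}')

if __name__ == "__main__":
    print(sorted(acl_exposure(SAMPLE_ACL) | policy_exposure(SAMPLE_POLICY)))
```

In a live account the same two inputs come from the S3 `GetBucketAcl` and `GetBucketPolicy` API calls.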

Attacks on these vulnerabilities don't look like they are slowing down any time soon. Getting access to data, your company's most valuable asset, is big business. Bad actors are demanding ransoms and selling data online, while organizations and governments are offering rewards to take down these cybercriminals.

In July, the State Department announced a $10 million reward for any information about hackers working for foreign governments, aimed squarely at those participating in "malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act." Following this effort, the US government put up a $15 million reward for tracking down the individuals in the DarkSide organization in August.

At the same time, 3.3 million Volkswagen & Audi records were for sale online. An unnamed marketing services company was responsible for the breach, which affected Volkswagen and Audi customers and prospects in Canada and the U.S., because it left the data unsecured.

These were just a few of the top examples from 2021. To keep a tab on the complete list of organizations impacted by cloud data breaches, check out our Breach Watch. For anyone who needs a refresher on how things have gone, here is a small list of 2021 AWS data breaches:

Organization: Twitch
Date reported: 10/6/2021
Number of records: 128GB
What happened? Twitch exposed data to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.

Organization: Cosmolog Kozmetik
Date reported: 6/17/2021
Number of individuals affected: 20GB with 567,000 unique individuals
What happened? Famous Turkish beauty brand Cosmolog Kozmetik suffered a leak in its Amazon S3 bucket. The leak involved thousands of Excel spreadsheets of unique individuals who made purchases from the supplier across numerous e-commerce platforms.

Organization: PeopleGIS
Date reported: 7/22/2021
Number of individuals affected: 1,000GB with more than 1.6 million files.
What happened?, provided by an American company named PeopleGIS stored data of US municipalities in several misconfigured Amazon S3 buckets

Organization: Premier Diagnostics
Date reported: 1/25/21
Number of individuals affected: 50,000 patients
What happened? Premier Diagnostics, a Utah COVID-19 testing service, exposed thousands of ID scans, including driver's licenses, medical insurance cards, passports, and other IDs, on the web without a password or any other authentication required to access them.

Organization: SeniorAdvisor
Date reported: 8/6/21
Number of individuals affected: 3 million individuals
What happened? A misconfigured Amazon S3 bucket exposed details of over 3 million senior citizens including individuals’ names, numbers, and email addresses.

Organization: Reindeer
Date reported: 8/3/21
Number of individuals affected: 32 GB
What happened? Reindeer, which was out of business, left its Amazon S3 bucket open to the public, leading to the catastrophic leak of 50,000 files totalling 32 GB. The leak impacted 306,000 people.

Organization: Twilio
Date reported: 5/5/21
Number of individuals affected: Unknown
What happened? Twilio is the world's leading cloud communication platform as a service company. They suffered a breach after a bad actor gained read and write access to a misconfigured AWS S3 bucket.

In summary, a majority of recent high-profile cloud data breaches involved misconfiguration, low visibility, and privilege abuse as the leading causes of cyberattacks. These platform vulnerabilities have subjected enterprises to cyberattacks from insider threats, weak authentication, and third-party access, leading to severe financial and human implications.

Modern enterprises require a shift in cloud security strategy that emphasizes improved configuration procedures, IAM optimization, and streamlined data classification. 

By identifying the mechanics behind the data breaches of 2021, enterprises can fine-tune their existing practices and assume a proactive stance toward eliminating data security risks. To continue this discussion, join our cloud security experts for our upcoming webinar, “The 5 Cloud Data Breach Archetypes of 2021.”
