- Threat Stack Inc. conducted an April analysis of AWS cloud usage and found widespread security misconfigurations that affected nearly three quarters of the more than 200 surveyed companies.
- RedLock Inc. published a May research report that found many security problems were primarily due to user misconfigurations of public cloud platforms. AWS was prominently mentioned in the report.
- Appthority published earlier this month investigation results showing that nearly 43 TB enterprise data was exposed via cloud back-ends. This includes personally identifiable information (PII).
UpGuard discovered the issue and created a post about “AWS S3 bucket provisioning.” The post stated that Amazon’s Simple Storage Service (S3) storage containers are known for being unlocked by the public, even by the largest companies in the world. If the bucket contained sensitive information such as customer lists, corporate databases, or large collections of sensitive information, this can lead to a major data breach. It has. Even though the misconfiguration is a simple permission, it can have devastating consequences. Vickery took several days to download 1.1 TB of data, which is roughly 500 hours of video. UpGuard stated that despite the severity of the breach, Vickery will likely be overwhelmed in the future. This could have a far more devastating effect if cyber resilience is not embraced by all Internet-facing systems.