Exposed: Misconfigured Cloud Storage Leaves 1.5B Sensitive Files Up for Grabs
“A colossal 12TB of data – including confidential intellectual property, penetration test results and other sensitive files in the cloud – can be pulled from exposed Amazon S3 buckets, rsync, SMB, FTP servers, misconfigured websites, and NAS drives, according to new research.
The “Too Much Information” report published by Digital Shadows on Thursday, found that 1.5 billion files were exposed across the internet’s most ubiquitous file sharing services. That includes 64 million files in the UK alone – the equivalent to one file for nearly everyone in the country.
Security Teams, Bow your Heads
Thousands of security audits (5,794), network infrastructure details (1,830) and penetration test reports (694) were among the files publicly accessible online.
The instances were blamed by Digital Shadows on poor security practices in file-sharing protocols.
“As organizations look to bolster their internal security programs with assessments and penetration tests, they turn to external consultants and suppliers. As these consultants backup and share their work, this highly sensitive information can become exposed,” report authors Rick Holland, Rafael Amado and Michael Marriott noted.” Read More…