News

The Growing Trend of Amazon S3 Breaches

Starting in early April 2017, the security community began to notice a series of data breaches at large and well-known organizations. These organizations all had one thing in common: their data was stored in poorly secured Amazon Web Services (AWS) Simple Storage Service (S3) buckets. The incidents occurred over a short period of time, and the organizations listed below were not the only ones left exposed. It was also found that 7% of all Amazon S3 buckets allow unrestricted public access to their data, and about one third of those are left unencrypted.

These numbers show that misconfiguration of cloud storage can happen to anyone, from army contractors to financial organizations, and that it results in the exposure of highly sensitive information including personally identifiable information, security credentials and clients' financial records.

Breach Timeline:

First announced | Company | What was exposed
April 5, 2017 | Scottrade | Personal information and security credentials of 20,000 customers
May 30, 2017 | Dow Jones | Personal information, emails and account information; 2.2 million customers confirmed, estimated close to 4 million
May 31, 2017 | Booz Allen Hamilton (top US Department of Defense contractor) | Sensitive information (90,000 reported)
July 13, 2017 | WWE | Personal information of 3 million wrestling fans
July 13, 2017 | Verizon (via its contractor Nice Systems) | Customer records including personal PINs; 4 million claimed, estimated up to 14 million records
Aug 9, 2017 | Groupize | Close to 3,000 documents containing full credit card information
Aug 12, 2017 | ES&S (US voting machine supplier) | Personal information on 1.8 million American voters
Aug 31, 2017 | TalentPen (cloud file hosting on AWS) | Security clearance details of 9,400 applicants for secret government work
Sep 21, 2017 | SVR Tracking | More than half a million customer records including security credentials, vehicle information and vehicle location logs

How Were They Found

Every S3 bucket has a globally unique name, and that name forms a predictable, public URL (for example https://<bucket>.s3.amazonaws.com/). Many organizations assume that as long as nobody is told the URL the bucket cannot be found, but bucket names are routinely guessed from company names, product names and common suffixes such as -backup or -prod, and a newly exposed bucket is typically discovered and probed in less than 10 minutes. Threat actors constantly scan the internet for systems that can be exploited, and once one system has been exploited in a particular way, others search for similar systems that can be exploited the same way. In the breaches listed above, that similarity was a publicly readable S3 bucket.
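The following is an added example, not code from the original article, showing how such a bucket is found: candidate names are derived from a base name, and an unauthenticated GET on the bucket URL is classified by the documented S3 responses (200 with a ListBucketResult document when listing is public, 403 AccessDenied when it is not, 404 NoSuchBucket when the name is unused, 301/307 when the bucket lives in another region). The suffix wordlist and the sample response bodies are constructed for the offline demonstration.

```python
"""Check whether an S3 bucket name exists and whether it lists publicly.

Added example; not code from the original article. It relies on the
documented S3 REST behaviour for an unauthenticated GET on
https://<bucket>.s3.amazonaws.com/ :
  200 + ListBucketResult XML  -> bucket listing is public
  403 AccessDenied            -> bucket exists but refuses anonymous listing
  404 NoSuchBucket            -> name is unused
  301/307 PermanentRedirect   -> bucket exists in another region (retry there)
The sample responses in this file are constructed for the offline demo.
"""
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"

# Suffixes attackers commonly try when guessing bucket names from a company
# or product name (assumed wordlist for illustration, not an exhaustive one).
COMMON_SUFFIXES = ["", "-backup", "-backups", "-prod", "-dev", "-staging",
                   "-data", "-logs", "-assets", "-uploads"]


def candidate_names(base: str) -> list:
    """Derive plausible bucket names from a base name, e.g. a company name."""
    base = base.lower().replace(" ", "-")
    return [base + s for s in COMMON_SUFFIXES]


def classify(status: int, body: bytes) -> tuple:
    """Map an HTTP status/body pair from GET / to a verdict and listed keys."""
    if status == 404:
        return ("nonexistent", [])
    if status == 403:
        # Listing is denied; individual objects may still be public-read,
        # so this is "not listable", not "safe".
        return ("private-listing", [])
    if status in (301, 307):
        return ("exists-other-region", [])
    if status == 200:
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return ("public-non-listing", [])  # e.g. a static website index page
        if root.tag == S3_NS + "ListBucketResult":
            # Only the first page (up to 1000 keys) is returned; a real crawl
            # would follow IsTruncated/NextMarker.
            keys = [k.text for k in root.iter(S3_NS + "Key")]
            return ("public-listing", keys)
        return ("public-non-listing", [])
    return ("unknown", [])


def probe(bucket: str, timeout: float = 10) -> tuple:
    """Issue the anonymous GET and classify the result (needs network access)."""
    url = f"https://{bucket}.s3.amazonaws.com/"
    req = urllib.request.Request(url, headers={"User-Agent": "s3-listing-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())


# Constructed sample bodies, shaped like real S3 responses.
SAMPLE_LISTING = b"""<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-corp-backup</Name><IsTruncated>false</IsTruncated>
  <Contents><Key>customers/export-2017-06.csv</Key><Size>10485760</Size></Contents>
  <Contents><Key>config/db-credentials.txt</Key><Size>812</Size></Contents>
</ListBucketResult>"""
SAMPLE_DENIED = b"""<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>"""


if __name__ == "__main__":
    for name in candidate_names("Example Corp"):
        print(name)
    print(classify(200, SAMPLE_LISTING))
    print(classify(403, SAMPLE_DENIED)[0], classify(404, b""))
```

Two caveats matter in practice: a 403 on the bucket root only means listing is denied, and individual objects can still be world-readable through their own ACLs, so a listing check alone does not prove a bucket is safe; and probing names you do not own should be limited to your own organization's assets or an engagement with written authorization.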

Who Is Responsible

Anyone can deploy infrastructure in a cloud environment in a matter of minutes, but that does not mean it will be secure. Misconfigured access controls and permissions are the most common cause of data breaches in the cloud. These misconfigurations are typically human error: the people provisioning and managing the storage may not understand how access control is applied in the cloud. Security concepts and controls cannot be deployed in a cloud environment the same way they are on a physical network; both can provide the same level of protection, but each must be configured in its own way. An important point is that Amazon sets every new bucket to private by default. A bucket becomes public only when someone explicitly grants access to everyone, either through a bucket ACL that grants the AllUsers or AuthenticatedUsers group (the latter means any AWS account holder anywhere, not the organization's own users) or through a bucket policy whose principal is a wildcard.
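As an added example (not the article's or AWS's code), the audit below takes the grant list returned by the S3 GetBucketAcl API and the JSON document returned by GetBucketPolicy and reports every grant that opens a bucket to the public. The weak configuration is the shape behind the breaches above; the hardened one scopes access to a single IAM role. All samples are constructed, and the account ID and role name in them are hypothetical.

```python
"""Flag the grants that make an S3 bucket public.

Added example, not code from the original article or from AWS. It inspects
the grant list that S3 GetBucketAcl returns and the JSON document that
GetBucketPolicy returns, and reports anything that opens the bucket to
everyone. The weak and hardened samples are constructed; the account ID and
role name in them are hypothetical.
"""
import json

# The two ACL grantee groups that mean "the public". AuthenticatedUsers is the
# classic trap: it is every AWS account in the world, not your own users.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(grants: list) -> list:
    """Return (group, permission) pairs for every public grant in an ACL."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[uri], grant.get("Permission")))
    return findings


def _principal_is_wildcard(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json: str) -> list:
    """Return (Sid, actions, qualifier) for Allow statements with a wildcard principal."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written bare
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _principal_is_wildcard(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        # A Condition (e.g. aws:SourceVpce or aws:SourceIp) may narrow "*" to a
        # real audience; flag it for review instead of calling it public outright.
        qualifier = "conditional" if stmt.get("Condition") else "unconditional"
        findings.append((stmt.get("Sid", "<no Sid>"), actions, qualifier))
    return findings


def audit(grants: list, policy_json: str) -> list:
    """Combine both checks into readable findings; an empty list means clean."""
    out = [f"ACL grants {perm} to {group}" for group, perm in public_acl_grants(grants)]
    for sid, actions, qualifier in public_policy_statements(policy_json):
        out.append(f"policy statement {sid} allows {', '.join(actions)} to * ({qualifier})")
    return out


# Constructed samples. WEAK_* is the shape behind the 2017 breaches; HARDENED_*
# scopes access to one hypothetical IAM role in a hypothetical account.
WEAK_ACL = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
     "Permission": "READ"},
]
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-corp-backup", "arn:aws:s3:::example-corp-backup/*"]}]})
HARDENED_ACL = WEAK_ACL[:1]  # owner only
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-corp-backup", "arn:aws:s3:::example-corp-backup/*"]}]})

if __name__ == "__main__":
    for line in audit(WEAK_ACL, WEAK_POLICY):
        print("WEAK:", line)
    print("HARDENED findings:", audit(HARDENED_ACL, HARDENED_POLICY))
```

Object-level ACLs are not covered here and need a separate pass over the objects, and since late 2018 AWS also offers S3 Block Public Access, an account- or bucket-level switch that overrides public ACLs and policies regardless of what an audit like this finds.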

Managing the cloud infrastructure and configuring the cloud security controls and settings is the responsibility of the client. The client may take this responsibility on themselves or hire professional contractors to manage the cloud environment; Nice Systems, for example, was contracted by Verizon to manage the S3 environment involved in that breach, and Booz Allen Hamilton is itself one of the top US Department of Defense contractors. When the management of a cloud environment is outsourced to a third party, the organization must ensure there is a clear and concise understanding of each party's role and responsibility for protecting the organization's data.

What Can Be Done

A cloud environment can be an excellent solution for your organization's networking and infrastructure needs, but only if it is implemented securely. At InfoTransec we are dedicated to delivering the world's best practices to our customers and providing them with the information to securely implement, migrate or manage a cloud environment.

Contact Us

InfoTransec Inc.

Telephone:
+1 855-INFOSEC (463-6732)

Hours:
9am – 5pm   Weekdays

Address:
The Atrium @ MIP
McMaster Innovation Park
Suite 416A-8
175 Longwood Road South,
Hamilton, ON, L8P 0A1

© InfoTransec – 2019 – All Rights Reserved