Cloud services are playing a crucial role to guarantee business continuity during this complicated period. SaaS applications and IaaS services have extended the corporate perimeter, allowing a nearly completely remote workforce to access their data from virtually any place.

Without considering the security implications for the endpoint (a topic that would deserve an entire blog post on its own), this process has revealed an increasingly common threat: the risk of misconfigurations leaking the data stored in the cloud to the entire planet. Poor security procedures, lax default settings, and also the mindset of too many users and administrators, which is still “on-premise“, are common causes of cloud leaks.

Over the last few years there have been multiple examples of leaky cloud services, exposing million of user records (with easily predictable consequences for the privacy of the unaware victims), or even fueling other attacks such in case of the two Magecart campaigns carried out compromising the AWS S3 buckets hosting the targeted sites’ configuration files.

And despite AWS S3 is the most common service to leak data, it’s not the only one, as you will notice. Last but not least, I will keep this list updated as soon as new cloud breaches will be revealed during 2021.

As always, thanks for sharing and supporting my work for spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.