There are an amazing number of misconfigured Amazon S3 buckets. I have no clue why. No company should be in this boat any more.
Truffle Security said that a team of their security pros STUMBLED across about 4,000 of them.
What was in them?
Login credentials – not great.
Security keys – even worse.
API keys – worse yet.
Also SQL server passwords, Coinbase API keys. Even login info for other AWS S3 buckets.
But what I like is capitalism.
Some enterprising researchers are teaming up with law firms. Why?
The researchers find the leaky buckets.
The law firms sue the owners (and pay a commission).
Sounds like a win-win-win deal. Win 1 – the lawyers get a payday. Win 2 – the researchers get a commission. Given there are so many leaky buckets, everyone gets rich.
What is the third win for? Win 3 – the companies get to close the leaky buckets.
Mind you, it might have been cheaper if they had just used the tools that Amazon has made available, but whatever gets the job done.
I am only being slightly a smartass. If this isn’t a great reason to hunt for leaky S3 buckets, I can’t think of a better one. Find those leaks. And close them. Avoid those lawsuits. P-L-E-A-S-E!!!!!!
Credit: The Register