New Amazon S3 Breach Exposes Every US Household

Discussion in 'Technology News' started by Rengar, Dec 23, 2017.

  1. Rengar

    Rengar Level 16

    Jan 6, 2017
    Windows 8.1
    Massive data breach caused by unsecured AWS S3 cloud server.
    Amazon Web Services hosts database servers for a wide variety of clients, but someone might need to take a look at the instruction manual. Once again, another company’s data has been accessed via an unsecured S3 server, and this one contains information on almost every single household in the US.

    UpGuard, whose researchers have been instrumental in rooting out unsecured Amazon S3 servers, has again found another unprotected cache of sensitive data that someone didn’t secure. This time, it’s a California-based data analytics firm who counts credit reporting agency Experian as one of its sources of data.

    Breach has affected 123 million Americans across billions of data points.

    Big names breached
    Experian is one of the top three reporting agencies worldwide, along with TransUnion and Equifax. Equifax suffered its own hacking event back in July, one that exposed the complete personal identifiable information of more than 143 million individuals around the world (most of them in the US, though), as well as payment card information for other affected individuals.

    In this incident, the issue is the amount and type of data that companies just like to collect and store, yet don’t have the know-how to protect it. What they want to know has increased exponentially but their security has not.

    With great power…
    According to researchers from UpGuard, “The continuing concentration of data by a number of large enterprises, now wielding powerful technology of the sort provided by Alteryx, has not been accompanied by greater prudence and process improvement necessary to ensure that the data will remain securely stored. The result has been, in the same way warming waters increase the power of hurricanes, that data exposures such as this are capable of exposing the vast majority of American households to compromise with one error.”

    AWS S3 cloud storage
    In each of the accidental data leaks involving companies using Amazon Web Services S3 cloud storage, the issue can be traced back to not having password protection on the server. That is a default setting from AWS, so in each instance, someone has stripped away the password protection and left the data exposed to anyone who stumbles along. Fortunately for consumers, UpGuard has been doing all the diligent stumbling and informing those companies, but that does not mean someone nefarious didn’t quietly get there first.
    Weebarra and harlan4096 like this.
Similar Threads Forum Date
New Amazon S3 Breach Exposes Every US Household Technology News Dec 21, 2017
Security Alert Amazon Denies Data Breach Rumors but Resets User Passwords Just in Case News Archive Oct 12, 2016
Gaming 'Leaked' Modern Warfare 2 Remastered listing on Amazon Italy, dubbed for April 30th Gamers Hangout Saturday at 8:15 AM
  • About Us

    Our community has been around since 2010, and we pride ourselves on offering unbiased, critical discussion among people of all different backgrounds about security and technology . We are working every day to make sure our community is one of the best.
  • Need Malware Removal Help?

    If you're being redirected from a site you’re trying to visit, seeing constant pop-up ads, unwanted toolbars or strange search results, your computer may be infected with malware. We offer free malware removal assistance to our members in the Malware Removal Assistance forum.
  • Quick Tip

    Without meaning to, you may click a link that installs malware on your computer. To keep your computer safe, only click links and downloads from sites that you trust. Don’t open any unknown file types, or download programs from pop-ups that appear in your browser.