It has been reported that hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. This includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
November 17, 2022 2:28 pm

The majority of RDS leaks, according to the report, are a result of snapshots being improperly shared. An RDS snapshot allows an admin to create a backup of an entire database. In many cases, these snapshots are created, made publicly accessible, and then forgotten about. Amazon recommends not making snapshots public, encrypting them if possible, and, if you insist on sharing them, redacting PII from the database first.

Last edited 21 days ago by Paul Bischoff
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
November 17, 2022 2:28 pm

It seems that most of the data leaks associated with Amazon Web Services stem from misconfiguration and this leak is no exception. Data buckets and backups must be carefully configured or they will continue to be among the favourite targets for the bad actors of the world.

Last edited 21 days ago by Chris Hauk
2
0
Would love your thoughts, please comment.x
()
x