Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personally identifiable information (PII), according to new findings from Mitiga, a cloud incident response company. The exposed data includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins.
The majority of RDS leaks, according to the report, are a result of snapshots being improperly shared. An RDS snapshot allows an admin to create a backup of an entire database. In many cases, these snapshots are created, made publicly accessible, and then forgotten about. Amazon recommends not making snapshots public, encrypting them if possible, and, if you insist on sharing them, redacting PII from the database first.
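The following audit is an added example, not code from Mitiga's report or from Amazon. It flags manual RDS snapshots that are public, shared with other accounts, unencrypted, or shared and then left in place. The snapshot names, the account ID and the 90-day threshold are constructed assumptions, and it covers DB instance snapshots only (Aurora cluster snapshots use separate API calls).

```python
from datetime import datetime, timezone

# Constructed sample data in the shape boto3 returns from
# describe_db_snapshots and describe_db_snapshot_attributes.
SNAPSHOTS = [
    {"DBSnapshotIdentifier": "crm-backup-2021", "Encrypted": False,
     "SnapshotCreateTime": datetime(2021, 3, 1, tzinfo=timezone.utc)},
    {"DBSnapshotIdentifier": "orders-nightly", "Encrypted": True,
     "SnapshotCreateTime": datetime(2022, 11, 1, tzinfo=timezone.utc)},
    {"DBSnapshotIdentifier": "partner-share", "Encrypted": False,
     "SnapshotCreateTime": datetime(2022, 10, 20, tzinfo=timezone.utc)},
]
ATTRIBUTES = {
    "crm-backup-2021": [{"AttributeName": "restore", "AttributeValues": ["all"]}],
    "orders-nightly": [{"AttributeName": "restore", "AttributeValues": []}],
    "partner-share": [{"AttributeName": "restore", "AttributeValues": ["111122223333"]}],
}

def audit_snapshots(snapshots, attributes, now, stale_days=90):
    """Map snapshot id -> issues; snapshots with no issues are omitted."""
    findings = {}
    for snap in snapshots:
        sid = snap["DBSnapshotIdentifier"]
        # The "restore" attribute lists who may restore the snapshot:
        # AWS account ids, or the literal "all" for everyone (public).
        grantees = [v for a in attributes.get(sid, [])
                    if a["AttributeName"] == "restore"
                    for v in a["AttributeValues"]]
        issues = ["public"] if "all" in grantees else []
        issues += [f"shared:{g}" for g in grantees if g != "all"]
        if not snap.get("Encrypted", False):
            issues.append("unencrypted")
        created = snap.get("SnapshotCreateTime")
        if grantees and created and (now - created).days > stale_days:
            issues.append("stale-share")  # shared and apparently forgotten
        if issues:
            findings[sid] = issues
    return findings

def collect_live(region):
    """Fetch both structures from AWS; needs boto3 and read-only RDS access."""
    import boto3
    rds = boto3.client("rds", region_name=region)
    pages = rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual")
    snaps = [s for page in pages for s in page["DBSnapshots"]]
    get = rds.describe_db_snapshot_attributes
    attrs = {s["DBSnapshotIdentifier"]: get(DBSnapshotIdentifier=s["DBSnapshotIdentifier"])
             ["DBSnapshotAttributesResult"]["DBSnapshotAttributes"] for s in snaps}
    return snaps, attrs
```

Against a real account, run `audit_snapshots(*collect_live(region), datetime.now(timezone.utc))` once per region in use, since snapshots are regional.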
It seems that most of the data leaks associated with Amazon Web Services stem from misconfiguration, and this leak is no exception. Data buckets and backups must be carefully configured or they will continue to be among the favourite targets for the bad actors of the world.