Amazon RDS Leaks User’s Personal Data

By   ISBuzz Team
Writer , Information Security Buzz | Nov 17, 2022 06:27 am PST

It has been reported that hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. This includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Paul Bischoff
Paul Bischoff , Privacy Advocate
November 17, 2022 2:28 pm

The majority of RDS leaks, according to the report, are a result of snapshots being improperly shared. An RDS snapshot allows an admin to create a backup of an entire database. In many cases, these snapshots are created, made publicly accessible, and then forgotten about. Amazon recommends not making snapshots public, encrypting them if possible, and, if you insist on sharing them, redacting PII from the database first.

Last edited 1 year ago by Paul Bischoff
Chris Hauk
Chris Hauk , Consumer Privacy Champion
November 17, 2022 2:28 pm

It seems that most of the data leaks associated with Amazon Web Services stem from misconfiguration and this leak is no exception. Data buckets and backups must be carefully configured or they will continue to be among the favourite targets for the bad actors of the world.

Last edited 1 year ago by Chris Hauk

Recent Posts

Would love your thoughts, please comment.x