UpGuard researchers found sensitive internal files inside several Cloudera cloud storage buckets, causing Cloudera to pull the cloud storage servers offline, despite initially claiming the servers were “open by design.”
UpGuard discovered multiple misconfigured AWS cloud storage buckets under the control of Hortonworks, an enterprise data processing company which completed a merger with Cloudera in January of 2019. Amidst terabytes of intentionally public files, however, were numerous system credentials and other internal developer information. UpGuard concluded that when so many directories and files of varying format are stashed away together, it becomes all too easy for something to be mistakenly put among them and remain unnoticed.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
