Details on over 350,000 SSL247 customers exposed due to misconfigured AWS bucket

By   ISBuzz Team
Writer , Information Security Buzz | Aug 28, 2020 06:19 am PST

Another week, another misconfigured AWS S3 bucket as security researchers have discovered a misconfigured AWS S3 bucket exposing sensitive files related to SSL247, a reseller of internet security products. The leaky database exposed the personal information of up to 350,000 customers (150 GB), who made purchases through SSL247 between 2012-2020. The data breach affected customers in South America, the Middle East, North America, Europe, and Africa.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Mark Bower
Mark Bower , Senior Vice President
August 28, 2020 2:41 pm

The cloud itself represents the ultimate 3rd party risk, and minimum viable compliance is proven yet again to be nowhere close enough to minimum viable security. The twist is that the shared responsibility model for the cloud puts 100% the responsibility on the data owner when they are responsible to secure, configure, and control the cloud they are using. This is a classic and preventable case of breakdown – assuming the cloud’s controls are in place or sufficient, and illustrating the weak reliance on checklists and humans to enforce them. So many organizations rely on risk assessments instead of hard, proven controls like encryption and tokenization of data. The former may meet a policy, but only the latter will stop data theft when misconfiguration, attack, or error leaves data exposed.

Last edited 3 years ago by Mark Bower

Recent Posts

Would love your thoughts, please comment.x