Unprotected S3 Bucket Results In Exposure Of Over 80,000 ID Cards And Fingerprint Scans

A US-based used electronics retailer exposed over 2.6 million files, including ID cards and biometric images, through a misconfigured AWS S3 bucket. The wide-open bucket was discovered on October 12, 2020, during a random scan for server vulnerabilities. The company itself appeared to be shuttered, with an invalid contact email and its website offline, but Website Planet contacted AWS two days later and the issue was eventually remediated. The millions of files found in the database included 80,000 or so images of personal identification cards, such as driver’s licenses, and 10,000 fingerprint scans.

Expert Comments

November 20, 2020
Chris DeRamus
VP of Technology Cloud Security Practice
Rapid7
There is a rapid adoption of cloud underway as organizations work to innovate and deliver better products and services to consumers more quickly. As organizations make this transition, they should remember that the self-service nature of the cloud opens them up to increased risk. Unprotected S3 buckets and databases are a common occurrence and one that attackers continue to exploit. In fact, out of 196 breaches caused by cloud misconfigurations in 2018 and 2019, S3 bucket misconfigurations accounted for 16% of those breaches. Organizations should take the appropriate security measures, such as security automation, to ensure that data is protected at all times. Automation takes the headache out of making cloud infrastructure secure in a shared responsibility world by providing a framework for what organizations should be doing via a continuous, real-time process. By leveraging security automation, companies can stay agile and innovate while maintaining the integrity of their technology stacks and applying the unique policies necessary to operate their businesses. If risk is not considered and addressed initially, organizations can face fines, legal fees, and ultimately their viability.
