Five hours isn’t very long. It’s a flight from New York to Los Angeles. It’s a little over half of a standard workday. But when viewed from the perspective of exposed data, it’s an eternity – or at least long enough for that data to get into the hands of malicious actors. Luckily, not all actors are malicious.
On January 13, Greg Pollock, VP of Product for UpGuard, received a notification about a potential data leak originating from a GitHub repository. Pollock determined that an AWS engineer had committed about a gigabyte of data to a personal GitHub repository. While Pollock believes this was done unintentionally, he suspected that the data was likely sensitive – to either the engineer or to AWS and its customers.
The repository downloaded from GitHub was structured as general storage and contained AWS resource templates and log files. Among the most notable findings were files containing access keys for various cloud services and collections of authentication tokens and API keys for third-party providers. One file was suspiciously named “rootkey,” and several others were labeled “Amazon Confidential.” Pollock, a true steward of data security, alerted AWS to the issue. And AWS, with impeccable efficiency, handled the issue immediately.
As the largest host of source code in the world, GitHub is doing what it can to prevent fraudulent use of credentials that were committed accidentally. Their token scanning feature identifies tokens matching certain patterns, but it’s unclear if or when GitHub would have found the issue.
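Pattern-based scanning of the kind described above can also run locally, before a commit is ever pushed. The following Python is an added example, not code from the article or from GitHub; the rule names, the regular expressions and the sample files are assumptions constructed for illustration, and the key values are AWS's published documentation examples.

```python
import re
from pathlib import PurePosixPath

# Illustrative rules only; this is not GitHub's actual pattern set.
LINE_RULES = {
    # Access key IDs: known prefix followed by 16 uppercase alphanumerics.
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # Secret keys are 40 base64-like chars; require a key-like name before
    # the value to cut false positives on hashes and other long strings.
    "aws-secret-key": re.compile(
        r"(?:secret|aws)[\w-]*\s*[:=]\s*['\"]?[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])",
        re.I),
    # Handling labels such as the one the article mentions.
    "confidential-label": re.compile(r"amazon confidential", re.I),
}
RISKY_FILENAME = re.compile(r"rootkey", re.I)


def scan_file(path, text):
    """Return (path, line_number, rule) tuples; matched values are never echoed."""
    findings = []
    if RISKY_FILENAME.search(PurePosixPath(path).name):
        findings.append((path, 0, "risky-filename"))  # line 0 = the path itself
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in LINE_RULES.items():
            if pattern.search(line):
                findings.append((path, lineno, rule))
    return findings


def scan_tree(files):
    """Scan a {path: text} mapping, e.g. the staged files of a commit."""
    return [f for path, text in sorted(files.items()) for f in scan_file(path, text)]


# Constructed sample input standing in for a repository's contents.
SAMPLE_FILES = {
    "backup/rootkey.csv": "AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE\n"
                          "AWSSecretKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "templates/stack.yaml": "# Amazon Confidential\nResources: {}\n",
    "logs/app.log": "INFO request completed in 42 ms\n",
}

if __name__ == "__main__":
    for path, lineno, rule in scan_tree(SAMPLE_FILES):
        print(f"{path}:{lineno}: {rule}")
```

Findings carry only the path, line number and rule name, so the scanner's own output does not become a second copy of the secret.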
This incident could have been tragic for AWS and its customers, but fortunately, the reach of the shared responsibility model offered a safety net.