News broke last week that sensitive data was yet again leaked… yeah, this is the same song we sing almost every week, but that’s kind of the point. Our running analogy, “sometimes it feels like we are living in the cybersecurity version of the movie Groundhog Day,” becomes more apt with every passing day.
So what happened this time?
As reported by Zack Day, Security Editor for ZD Net, Robocent, a Virginia-based political campaign and robocalling company, left a massive batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password.
Another misconfigured S3 bucket …
According to statistics from Bitdefender, as many as 7% of all S3 servers are entirely publicly accessible without any authentication, and 35% are unencrypted. If you dig through some of the recent leaks caused by poorly configured Amazon S3 resources, “these aren’t low-value data stores.”
Recent leaks caused by leaky S3 buckets:
- National Credit Federation
- Australian Broadcasting Corporation
- Dow Jones
- Deep Root Analytics
These are just a few of the companies that have exposed sensitive, personal information for hundreds of millions of people from around the world.
This can change. You can stop S3 bucket leaks today with one easy step: install DivvyCloud.
In about 15 minutes, you can install DivvyCloud, connect your cloud (AWS, Azure, and GCP) accounts, quickly see S3 buckets that are misconfigured, and then turn on real-time continuous automated remediation of misconfigured buckets.
Make S3 bucket leaks a thing of the past (now and forever). Install DivvyCloud today with a free 30-day trial and make sure your company never makes the news for an S3 bucket leak.
DivvyCloud mitigates security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.