Securing Amazon S3 Data Is Not Optional

It feels like Amazon S3 isn’t always given the care and feeding it deserves. Horror stories make the cybersecurity news too often, usually accidental leakage of data from unsecured S3 buckets. We wrote about the importance of smart bucket policies before, and AWS updated default settings recently. Since it’s better safe than sorry, we wanted to share some insightful lessons we gathered to help you in securing Amazon S3 data.

PAINFUL LESSONS

LastPass Attacker Compromised Employee’s Personal Machine

The attacker who gained access to the LastPass cloud storage service last year and made off with some customer data gained initial access to the company’s systems after compromising an engineer’s home machine and stealing the employee’s company credentials, access the LastPass vault, and eventually gain access to the keys for Amazon S3 buckets that stored customer data and encrypted vault data.

Another take on this story…

UK Healthcare Platform, Lantum, Leaked 98k Files

During a routine open-source intelligence (OSINT) method on February 21, the Cybernews research team found a misconfigured Amazon AWS S3 bucket — storing 98,000 files — on Amazon Web Services. The team attributed the data breach to Lantum, a healthcare workforce management platform based in the United Kingdom.

Toyota Spewed Vehicle Location Data for Millions onto Unsecured Cloud Databases for 10 Years

Toyota admitted Friday that it had parked the data of millions of drivers – including vehicle location data – on a publicly available cloud database for over a decade owing to human error that went undetected.

More UK Councils Caught by Capita’s Open AWS Bucket Blunder

The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March’s mega breach.

Another take on this story…

US No-Fly List Leaked via Airline Dev Server

CommuteAir, a United Airlines puddle-jumper affiliate, leaked the federal government’s No-Fly and “Selectee” lists. Or, at least, a snapshot from 2019—totaling more than 1.8 million entries. Not only that, but detailed personal info on almost 1,000 employees. The vulnerability was an unsecured Jenkins server that contained secret credentials for more than 40 public-cloud storage buckets.

SOLUTIONS

10 Essential Tips for Protecting Your Amazon S3 Data from Cyber Threats

We will take a closer look at the ten essential tips for protecting Amazon S3 data from cyber threats to help ensure that your data is secure and your business can enjoy the benefits of cloud storage with peace of mind.

Top 10 Security Best Practices for Securing Data in Amazon S3

With more than 100 trillion objects in Amazon S3 and an almost unimaginably broad set of use cases, securing data stored in Amazon S3 is important for every organization. So, we’ve curated the top 10 controls for securing your data in S3.

Learn Lessons the EASY Way

Join 5,000+ tech industry subscribers to get monthly insights on getting the most from the cloud.



    Organize Your S3 Buckets with CloudSee Drive

    Get the most out of your S3 storage. For administrators and users too!

    • 100% browser based. Nothing to install.
    • Browse, view, and edit AWS S3 bucket files.
    • Mobile friendly.