Nearly 20 billion files, including sensitive credential and database dump files, have been exposed due to misconfigured cloud storage buckets. Mysterium VPN researchers discovered that 535,480 publicly accessible cloud storage buckets across major providers like Amazon S3, Google Cloud, Azure, DigitalOcean, and Alibaba contained these exposed files, accessible without any login or exploit, according to a recent report by Security Affairs.The exposed files encompass a wide range, with 685,047 credential and key files, such as .env files and private keys, and nearly 1 million database dumps, including .sql and .bak files. This level of exposure grants potential attackers direct access to live systems rather than just data. The research highlights that the danger lies not in individual files but in their interconnectedness, where a single misconfigured bucket can lead to a complete data breach.While Amazon S3 accounts for over two-thirds of the exposed storage, the issue stems from widespread misconfigurations by customers rather than platform insecurity. The report emphasizes that the solution involves defaulting to private settings, avoiding storing secrets in object storage, encrypting backups, and regularly scanning for vulnerabilities. For individuals, the advice includes using unique passwords, enabling multi-factor authentication, and limiting data sharing with services.Source: Security Affairs
Cloud Security
Nearly 20 billion files exposed in misconfigured cloud buckets

An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


