Thousands of Amazon S3 data stores left unsecured due to misconfiguration

Will Vandevanter, of Help Net Security, made a rather disturbing discovery: thousands of Amazon S3 data "buckets" were improperly configured and left exposed to prying eyes. Vandevanter started his probe by generating URLs using the names of major companies and sites that use Amazon's cloud storage service. In the end he uncovered 12,328 of the so-called buckets -- 1,951 of which were visible to the public. Those folders were home to some 126 billion files that contain everything from personal data hosted by a social networking service, sales records, video game source code and even unencrypted backups of databases. By default, S3 accounts are set to private, which means these stores of potentially sensitive data had to be flipped to public manually -- most likely by accident. Amazon has responded to the discovery by alerting users who might have inadvertently made their files publicly accessible. If you've got an S3 account of your own, now would be an excellent time to double check your own settings. And if you're looking for more details of Vandevanter's research, hit up the source link.