Who Are Your Authenticated Users?

I ran across a data breach at Dow Jones, the parent company of the Wall Street Journal newspaper. Apparently there was a database export that was stored on an Amazon S3 bucket. A security researcher discovered this and notified the company. Once the issue was corrected, the article linked above was published.

The details note that the security on the bucket was set to authenticated users, which is good. So, some security was set up. To me, if I were operating in an Azure or AWS environment, I would assume this meant authenticated users in my subscription/account/etc. In other words, my business partners and employees.

That’s not the case. The setting means anyone with an AWS account, and since accounts are free, that is anyone who bothers to register for one. Anyone, from security researchers to criminals to any of you that do work in AWS, could have downloaded the data. The report was released after the security was changed, which is a responsible approach. We, as an industry, need to know about these things, but we also don’t want to unnecessarily expand a data breach.

Since this has been published, however, it’s likely that plenty of people are scanning S3 buckets, looking for data that has “Authenticated Users” as a security setting. If you have any doubts, check and change your security now. This setting amounts to “public” since anyone can get an AWS account in a couple of minutes. Double-check your account and ensure security is set to meet the requirements of your organization.
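One way to run that check over your own account, as an added example that is not part of the original editorial: the Python below flags bucket ACL grants to the predefined S3 groups, including the “Authenticated Users” group discussed above. It assumes boto3 and working AWS credentials for the live audit; the function names and the sample ACL are constructed for illustration.

```python
# Predefined S3 grantee groups. AuthenticatedUsers is every AWS account
# holder anywhere, not just the principals in your own account.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone, no login",
}


def risky_grants(acl):
    """Return (audience, permission) pairs for grants to a global group.
    `acl` is a dict in the shape boto3's get_bucket_acl() returns."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and audience:
            found.append((audience, grant.get("Permission")))
    return found


def audit_account():
    """Check every bucket in the current account (needs boto3 + credentials)."""
    import boto3  # imported here so the parsing logic runs without it

    s3 = boto3.client("s3")
    report = {}
    for bucket in s3.list_buckets()["Buckets"]:
        hits = risky_grants(s3.get_bucket_acl(Bucket=bucket["Name"]))
        if hits:
            report[bucket["Name"]] = hits
    return report


# Constructed sample: the owner has full control, and READ is also granted
# to the AuthenticatedUsers group, the setting described in the editorial.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    print(risky_grants(SAMPLE_ACL))
```

This inspects bucket ACLs only; object ACLs and bucket policies can also grant access and need their own review.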

Steve Jones
