It’s time to update the list of security incidents caused by misconfiguration of cloud storage resources since the last couple of weeks have unfortunately been quite prolific. The shared responsibility model continues to be overlooked, or simply misunderstood by too many organizations, and as a consequence tons of sensitive data is leaked from the cloud on a daily basis, putting thousands of individuals (and dozens of municipalities) at risk of fraud, identity theft, and phishing campaigns.
As always, the sector of the victims (and consequently the kind of exposed data) is quite heterogeneous. The last wave of incidents occurred in July and has seen:
- A platform used to connect artists and potential buyers exposing an AWS S3 bucket with more than 200,000 files in 421 GB of data containing the records related to over 7,000 artists, collectors, galleries, and potentially customers’ data too.
- More than 1,000 GB of data and over 1.6 million files from dozens of municipalities in the US was