ClickCease Publicly exposed Amazon cloud service expose user data

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Publicly exposed Amazon cloud service expose user data

Obanla Opeyemi

November 30, 2022 - TuxCare expert team

Thousands of databases hosted on Amazon Web Services Relational Database Service (RDS) have been discovered to be leaking personally identifiable information, potentially providing a gold mine for threat actors.

The exposure is provided by Amazon RDS’s snapshot feature, which is used to backup the hosted databases. Users can use this feature to share public data or a template database with an application, as well as create a Public RDS snapshot for sharing without having to deal with roles and policies.

Names, email addresses, phone numbers, dates of birth, passwords, credit card details, tokens, marital status, car rental information, and even company logins were leaked, all of which can be used by hackers.

Mitiga, an Israeli company that conducted the research from September 21, 2022 to October 20, 2022, said it discovered 810 snapshots that were publicly shared for varying lengths ranging from a few hours to weeks, making them vulnerable to abuse by malicious actors.

To demonstrate how a threat actor could access the data, the researchers created an AWS native technique that uses AWS Lambda Step Function and boto3, the Python software development kit to scan, clone, and extract sensitive information from RDS snapshots on a large scale.

The researchers then observed 2,783 RDS snapshots, of which 810 were exposed publicly. Furthermore, 1,859 of the 2,783 snapshots were exposed for one to two days, giving an attacker enough time to obtain them easily.

However, Mitiga points out that AWS is not to blame because AWS not only makes RDS users aware of publicly exposed snapshots, but also provides tools such as AWS Trusted Advisor, which detects security issues and recommends remediation steps.

“We think it’s not an overstatement to assume the worst-case scenario — when you are making a snapshot public for a short time, someone might get that snapshot’s metadata and content. So, for your company and, more importantly, your customers’ privacy — don’t do that if you are not 100% percent sure there is no sensitive data in the content or in the metadata of your snapshot,” said Mitiga researchers.

The sources for this piece includes an article in SCMagazine.

Summary
Publicly exposed Amazon cloud service expose user data
Article Name
Publicly exposed Amazon cloud service expose user data
Description
Thousands of databases hosted on Amazon Web Services Relational Database Service (RDS) have been discovered to be leaking user data.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023