Are developers and even businesses leaving unprotected data lying around on cloud servers? One security website found that to be the case, but it doesn't have to be.
The Verge reported Wednesday that a recent probe of Amazon Simple Storage Service (S3) server "buckets" turned up a wealth of unprotected data, including digital photos and even passwords -- all because the companies that own those buckets failed to switch their cloud storage settings to private.
According to Net Security, a recent sweep of Amazon S3 servers turned up thousands of accounts simply by pulling up a company's automatically generated URL, and security expert Will Vandevanter found 1,951 so-called "buckets" exposed.
"From the 1,951 public buckets we gathered a list of over 126 billion files," Vandevanter writes. "The sheer number of files made it unrealistic to test the permissions of every single object, so a random sampling was taken instead. All told, we reviewed over 40,000 publicly visible files, many of which contained sensitive data."
Out of 12,328 unique buckets probed, the vast majority (10,377) were set to private -- but around one in every six buckets was not, leaving personal photos, sales records, account information, employee personnel files, unprotected database backups and much more open to just about anyone.
Ironically, Amazon S3 accounts are set to private by default -- which means the companies involved have chosen to make them public, either intentionally or as the result of misconfigured settings.
Amazon's AWS security team has responded quickly to the report and is said to be "currently putting measures in place to proactively identify misconfigured files and buckets moving forward."
Follow this article’s author, J.R. Bookwalter, on Twitter