Kromtech launches tool to identify and prevent Amazon cloud server leaks
The Kromtech Security Center launched a free tool that allows administrators to check if their Amazon AWS S3 buckets are exposed to the public.
The audit tool provides a report on its cloud database, which the administrator can use to shut down any unwanted public access to their S3 bucket and data. Further, it provides transparency to organizations to verify its databases aren’t being downloaded and are inaccessible to unauthorized users.
“[Amazon S3] is fast, scalable and easy to use, but far too often we have seen cases where administrators fail to configure it properly,” the researchers wrote. “This usually results in confidential user data or internal data leaked online to anyone with an internet connection.”
The researchers have continued to see an increase in misconfigured S3 databases, and “hope that by raising public awareness and giving people the tools to quickly check if they are protected from leaks.”
Kromtech is continuing to develop the tool to include more scanning and security features and welcomes ideas from the security community for improvements.
The release comes in response to a steady increase in data breaches caused by misconfigured databases. Just last month, Accenture notified the public that hundreds of gigabytes of sensitive data were left exposed online, when it inadvertently left four of its AWS buckets open to the public.
Verizon recently admitted it exposed the data of 14 million customers in a misconfigured database. There’s a long list of organizations reporting similar data leaks in this year alone including healthcare provider and systems, voter analytics firms and phone companies, as well.