Kromtech launches tool to identify and prevent Amazon cloud server leaks

In response to the influx of data breaches caused by misconfigured cloud databases, the security firm has developed a tool that will let administrators check if their bucket is inadvertently being shared with the public.
By Jessica Davis
10:08 AM
Amazon cloud server leaks

The Kromtech Security Center launched a free tool that allows administrators to check if their Amazon AWS S3 buckets are exposed to the public.

The audit tool provides a report on its cloud database, which the administrator can use to shut down any unwanted public access to their S3 bucket and data. Further, it provides transparency to organizations to verify its databases aren’t being downloaded and are inaccessible to unauthorized users.

[Also: Accenture latest to breach client data due to misconfigured AWS server]

“[Amazon S3] is fast, scalable and easy to use, but far too often we have seen cases where administrators fail to configure it properly,” the researchers wrote. “This usually results in confidential user data or internal data leaked online to anyone with an internet connection.”

The researchers have continued to see an increase in misconfigured S3 databases, and “hope that by raising public awareness and giving people the tools to quickly check if they are protected from leaks.”

Kromtech is continuing to develop the tool to include more scanning and security features and welcomes ideas from the security community for improvements.

[Also: Data on 150,000 patients exposed in another misconfigured AWS bucket]

The release comes in response to a steady increase in data breaches caused by misconfigured databases. Just last month, Accenture notified the public that hundreds of gigabytes of sensitive data were left exposed online, when it inadvertently left four of its AWS buckets open to the public.

Verizon recently admitted it exposed the data of 14 million customers in a misconfigured database. There’s a long list of organizations reporting similar data leaks in this year alone including healthcare provider and systems, voter analytics firms and phone companies, as well.

Twitter: @JessieFDavis
Email the writer: