Business AWS employees put sensitive data on Github

AWS employees put sensitive data on Github

-

AWS. (Photo: Sundry Photography / Shutterstock)

01/25/2020, 12:28 a.m.
Note: We used commission links in this article and marked them with “*”. If an order is placed via these links, t3n.de receives a commission.

Sensitive data from Amazon’s AWS cloud service was accessible to everyone via Github for five hours. Among them were various passwords and key pairs.

Nightmare for Amazon’s cloud service AWS (Amazon Web Services): A technical employee of the platform has published sensitive data on Github on a large scale. The package included various passwords and AWS key pairs and private keys, which third parties could use to gain access to AWS services. The IT security company Upguard reportedly discovered the data leak after half an hour and alerted AWS Security. After five hours, the data had been deleted from the Github repository.

AWS data leak: passwords and keys

The bundle of data – the downloaded zip file was 954 megabytes in size, according to Upguard – contained not only the passwords and keys, but also numerous AWS documents and log files that could be used to identify customers of the AWS employee. With the passwords and keys, potential attackers could have given root access to the AWS accounts of affected customers. Authentication tokens and API keys for third-party providers, such as email accounts, were also found.

Documents with sensitive data from AWS customers, such as bank statements, emails or personal documents, including a driver’s license, were also not intended for the eyes of third parties. According to Upguard, these documents could also be used to identify an AWS employee via his LinkedIn profile. Therefore, and because of AWS training documents and documents that Amazon has classified as secret, which can also be viewed in the Github repository, the security researchers assume that an AWS employee is behind the publication.

AWS: access to accounts?

It is not clear whether the temporarily publicly available data has fallen into the wrong hands and whether it has been misused, such as accessing an AWS account. The incident had already taken place on January 13th. The magnitude of the effects of data theft or accidental breakdowns can be seen in the case of a data scandal from the summer of 2019. Back then, a former AWS employee was said to have gained access to data stored in the AWS cloud by over 100 million Bank Capital One customers ,

More on the subject:

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Inexpensive but good: The top ski areas in Europe

Many winter sports enthusiasts are currently drawn to the ski areas of Europe: whether skiing or snowboarding, many areas...

Calima, wind and fire close the air and maritime space in the Canary Islands | Spain

Las Palmas airport. B. S. (REUTERS) / VIDEO: ATLAS The Canary Islands have experienced this weekend a hell of...

Calima, wind and fire close the air and maritime space in the Canary Islands | Spain

Las Palmas airport. B. S. (REUTERS) / VIDEO: ATLAS The Canary Islands have experienced this weekend a hell of...

Khamenei blames “propaganda” on the coronavirus of low participation in elections

The ultraconservative current swept through a parliamentary election in Iran in which there was the least participation since the...

Must read

Inexpensive but good: The top ski areas in Europe

Many winter sports enthusiasts are currently drawn to the...

Calima, wind and fire close the air and maritime space in the Canary Islands | Spain

Las Palmas airport. B. S. (REUTERS) / VIDEO: ATLAS...

You might also likeRELATED
Recommended to you