Security researchers warn Amazon's cloud customers about possible data exposure

Security researchers warn Amazon's cloud customers about possible data exposure
21 Feb, 2018

Security researchers have issued several warnings to customers of Amazon Web Services, the cloud computing arm of e-commerce giant Amazon, about the possibility of their private information being made public because of misconfigured data settings. 

According to a BBC report, misconfigured settings had exposed companies such as Uber, Verizon, Alteryx, WWE, Dow Jones over the last 18 months.

BBC said almost 50 warnings were found posted on AWS servers and many of the servers carried more than one warning. 

The report further said that the warning messages were varied. While some merely alerted AWS customers about the misconfigured settings that could risk data exposure, others were more detailed in nature.

Researchers said that AWS customers should take precautionary measures before hackers pounce on the vulnearability. 

An Amazon India spokesperson told TechCircle that AWS did not suffer a data breach. 

"Customers buckets can sometimes be left open or unprotected if they have incorrectly configured them," said the spokesperson, adding that some organisation choose to keep their data open for collaboration.

AWS is one of the largest cloud service providers in the world, with its offerings being used across public and private sectors in several geographies.

AWS garnered $5.11 billion in revenue for its fiscal fourth quarter ended 31 December 2017 and $17.46 billion in the entire 2017. 

In the public cloud segment, AWS had an operating income of $1.17 billion and global revenue of $4.58 billion recorded for the third quarter of 2017. It's closest rivals are Google and Microsoft.

Last month, the Jeff Bezos-led group firm acquired cybersecurity startup Sqrrl Data Inc, whose founders previously worked for the US National Security Agency (NSA). 

The company also recently released its version of the open-source Linux operating system for enterprise customers that use AWS. This marked a shift in Amazon’s cloud strategy as it previously did not  allow such operating systems to run on its clients’ servers.

Update: An earlier version of this story stated that there was a data breach on Amazon's cloud servers. The story has been updated to include a clarification from Amazon.