Home Security Researchers Uncover Tons of of Amazon RDS Cases Leaking Customers’ Private Knowledge

Researchers Uncover Tons of of Amazon RDS Cases Leaking Customers’ Private Knowledge

by crpt os


Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show.

“Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns,” researchers Ariel Szarf, Doron Karmi, and Lionel Saposnik said in a report shared with The Hacker News.

This includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins.

Amazon RDS is a web service that makes it possible to set up relational databases in the Amazon Web Services (AWS) cloud. It offers support for different database engines such as MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server.

The root cause of the leaks stems from a feature called public RDS snapshots, which allows for creating a backup of the entire database environment running in the cloud and can be accessed by all AWS accounts.

Amazon RDS Snapshots

“Make sure when sharing a snapshot as public that none of your private information is included in the public snapshot,” Amazon cautions in its documentation. “When a snapshot is shared publicly, it gives all AWS accounts permission both to copy the snapshot and to create DB instances from it.”

The Israeli company, which carried out the research from September 21, 2022, to October 20, 2022, said it found 810 snapshots that were publicly shared for varying duration, starting from a few hours to weeks, making them ripe for abuse by malicious actors.

CyberSecurity

Of the 810 snapshots, over 250 of the backups were exposed for 30 days, suggesting that they were likely forgotten.

Based on the nature of the information exposed, adversaries could either steal the data for financial gain or leverage it to get a better grasp of a company’s IT environment, which could then act as a stepping stone for covert intelligence gathering efforts.

It’s highly recommended that RDS snapshots are not publicly accessible in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. It’s also advised to encrypt snapshots where applicable.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex