Despite a great deal of attention to the problem, cloud configuration continues to be a major issue. When data and applications are moved from on-prem environments to the cloud, proper access controls don’t always follow.
Last month, online job site Ladders exposed more than 13 million user records it was hosting on Amazon Web Services’ cloud. The reason? Misconfigured access controls on their instance of AWS Elasticsearch Service.
In May, security researchers at UpGuard reported that data of more than 500 million Facebook users was exposed by third parties storing the information in unprotected Amazon S3 buckets. Chtrbox confirmed the accidental exposure but said that the scope of it wasn’t as big as reported.