Source: Motherboard
Summary
An unsecured Amazon-hosted server exposed customer data, including names, addresses, and phone numbers, without requiring a password. The server contained millions of records, which were left accessible to anyone who knew where to look. The data was reportedly collected by a third-party company that used it for marketing purposes. The leak was discovered by a security researcher who stumbled upon the exposed server. Amazon Web Services (AWS) was notified, and the server was secured shortly after.
Our Reading
The launch follows a familiar script.
Amazon’s cloud security gets another black eye, a third-party company collects and exposes customer data, and a security researcher saves the day. The data leak included sensitive customer information, which was left unprotected on an Amazon-hosted server. Because what’s a little customer data between friends? This is just another case of “secure by default” gone wrong.
Author: Evan Null
Security 101
It’s astonishing that in this day and age, companies still manage to leave sensitive data exposed without a password. This is not a sophisticated hack; it’s a basic security fail.
The Third-Party Problem
Third-party companies collecting and storing customer data are a weak link in the security chain. It’s time for companies to take responsibility for their partners’ security practices.
Amazon’s Role
AWS provides the infrastructure, but it’s up to the customer to secure it. However, this incident highlights the need for more robust security measures and better monitoring of third-party companies.
Data Breaches Are the New Normal
Data breaches are becoming increasingly common. It’s time for companies to prioritize security and transparency, rather than relying on PR spin to downplay the severity of these incidents.
Who’s Watching the Watchers?
The fact that a security researcher had to discover this leak raises questions about the effectiveness of Amazon’s security monitoring and the need for better oversight of third-party companies.
