
V Shred exposes 1 million files with open S3 bucket (Includes interview)

A misconfigured AWS S3 bucket at V Shred is reported by ZDNet to have exposed more than one million files, including personal data relating to some 99,000 people associated with the fitness brand’s customers. This arose because the AWS bucket was completely open to the public.

Concerns about the type of data exposed have been raised by Balbix CTO Vinay Sridhara. The analyst is concerned about one of the responses from V Shred, which treated the exposed data as not important. Sridhara explains that just because information does not “seem” important does not mean that the data cannot be used by hackers.

Sridhara says this is down to the nature of the environment within which the data was held: “The challenge of cloud environments is that the chance of misconfigurations greatly increases, and many organizations assume that major third-party providers have strong default security standards.”

Sridhara clarifies: “Combined, these factors often lead to lax security in cloud environments. In the case of V Shred, the S3 bucket was left completely open to public access and included identifiers in the URL that made user information easily identifiable. Perhaps even more concerning is that V Shred responded to the vulnerability by saying it was necessary to have the files open and that no personal identifiable information was exposed.”

On this point, Sridhara notes: “Though some information may seem ‘harmless,’ any compromised data can increase the chances of a highly targeted (and effective) phishing scheme, making it easier for hackers to track and compromise people online. Only implementing security measures that can monitor risk in cloud environments will ensure that the public is fully protected.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
