Google Cloud Buckets Exposed in Rampant Misconfiguration
According to a new analysis, highly sensitive information is publicly available in a large percentage of cloud databases due to misconfiguration errors. A new survey of 2,064 Google Cloud buckets found that 6% were left open to the public internet, allowing anybody to access their contents. Among the exposed data were 6,000 scanned documents including birth certificates, passports, and personal profiles. Another open database belonging to a Russian web developer included email server credentials and chat logs.
Uncovering exposed cloud databases can be a trivial matter, due to the fact that Google’s naming guidelines make them easy to find. Cloud database names must be between three and 63 characters and are prohibited from including spaces, containing only lowercase letters, numbers, dashes, underscores, and dots. Names must also start and end with a number or letter. This analysis covered just Google Cloud databases, however, Amazon Web Services S3 buckets are most commonly used to store information, containing the same issues and Google Cloud.