According to security researchers at Mitiga, hundreds of Amazon relational database service (RDS) instances have been found to be exposed. The exposed databases resulted in the extensive leakage of personally identifiable information (PII). The discovery was announced by the security researchers at Mitiga on Wednesday. Amazon released the platform-as-a-service tool in 2009, and it seeks to provide a database platform based on various operational engines.
When using the service, users can deploy RDS snapshots that can back up the entire database. These snapshots can then be shared across different AWS accounts, both internally and externally. Mitiga wrote that the snapshots could potentially leak sensitive data to the world, even with the deployment of security network configuration. The company discovered that several snapshots had been shared publicly by accident for as long as multiple weeks.