Search tool accesses firms' documents in the cloud

A bucket with water in it being tipped Image copyright Getty Images

A website created by anonymous hackers has been launched that allows anyone to search for sensitive data stored in the cloud.

Buckhacker is a tool that trawls servers at Amazon Web Services (AWS), a popular cloud computing platform.

AWS provides data storage to private firms, governments and universities, among others.

Exposed data has been found on it before, but Buckhacker makes searching for it much easier.

The name comes from the fact that AWS Simple Storage Servers (S3) are known as “buckets” – this is the part of AWS that Buckhacker accesses.

The BBC alerted Amazon to Buckhacker shortly after it went live, but the firm has yet to issue a statement on the matter.

Offline ‘for maintenance’

On Wednesday afternoon, Buckhacker went offline “for maintenance”, though it had previously been working allowing a number of cyber-security experts to explore it.

“We went online with the alpha version [too] early,” said a Twitter account associated with the Buckhacker site.

Security expert Kevin Beaumont told the BBC: “It’s a goldmine of stuff which shouldn’t be public.”

He pointed to one example that appeared to be of encryption keys for a cloud customer at a different cloud computing service.

“S3 buckets have been a problem for years,” added Mr Beaumont.

“The search engine is the first easy to access ways of looking inside them… companies are losing control of their data in the cloud.”

BBC News Source Link

Brought to you by Planet Genius

If You Liked This Article, Join our Newsletter To Receive More Great Articles

Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *