ir_nightshift@ir_nightshiftlongread

Yet Another Data Leak: Breaking Down the Incident and a SecOps Checklist

Breaking down a fresh S3 bucket data leak incident with a practical security checklist to prevent similar breaches.

Читать на русском

IR

This morning brought news of yet another corporate data leak—this time hitting a major retailer. Misconfigured S3 buckets, public access settings. At this point, I'm not even surprised, just exhausted.

What happened?

Preliminary reports indicate exposed data included:

  1. Customer PII (names, emails, phone numbers)
  2. Password hashes (salted, thankfully)
  3. Three months of order history
    1. The data sat in an S3 bucket with public-read permissions. Someone discovered it via GrayhatWarfare and raised the alarm.

      Prevention checklist

      After every such incident, I update my cloud storage audit checklist:

      1. Access control verification — all buckets private by default
      2. Configuration monitoring — AWS Config Rules or equivalent
      3. Quarterly audits — minimum frequency
      4. Data inventory — you can't protect what you don't know exists
        1. What's especially frustrating is when this happens at companies with dedicated security teams. How are public S3 buckets still slipping through in 2024?

          Incident response steps

          From recent incident response experience:

0 likes0 comments

No comments yet.