Published in Cloud

There is a hole in my cloud bucket

by on24 September 2020

Dear Liza, dear Liza

A Comparitech security report claims that nearly six percent of all Google Cloud buckets are vulnerable to unauthorised access due to misconfiguration issues.

Buckets, in cloud storage, are the basic containers that are used to hold the data. Everything that a user stores in cloud storage must be contained in a bucket. Admins can use these containers to organise their data and to control access to it. However, unlike folders and directories, they cannot nest one bucket into another bucket.

Writing in his bog, Comparitech's Paul Bischoff revealed that its team attempted to search for open bucket on the web. It started by scanning the web using a tool which is easily available to admins and hackers.

In its web search, the researchers looked for Alexa's top 100 web domains, in combination with some common words, such as "db", "database", and "bak" used by admins when naming their buckets.

Through this web scan, the research team was able to discover 2,064 Google Cloud buckets in about 2.5 hours.

After analysing all 2,064 buckets, the researchers found that 131 of them - nearly six percent - were misconfigured and vulnerable to unauthorised access.

According to Comparitech, the exposed data included nearly 6,000 scanned documents containing confidential information, such as passports details and birth certificates of children in India. A database belonging to a Russian web developer was also found that leaked developer's chat logs and email server credentials.

Bischoff warns that uncovering exposed cloud databases on internet is not difficult . Google cloud storage has naming guidelines that make open buckets easy to find. Such buckets can contain sensitive files, source code, credentials and databases, which can be illegally accessed by malicious actors.

According to Bischoff, admins can check if their bucket is exposed by using gsutil (Google's official command-line tool) or BucketMiner tool to scan the web. Scanning for company's name on Google and Amazon infrastructure will display some filenames, images, or other stats, suggesting the bucket is open.


Last modified on 24 September 2020
Rate this item
(0 votes)