One other day, one other misconfigured database leaking delicate buyer knowledge to the broader web. 

This time round, the perpetrator is none apart from Amazon, as based on TechCrunch (opens in new tab), cybersecurity researcher Anurag Sen not too long ago found a significant Amazon database, no password safety in any way, obtainable to anybody who knew the place to look. 

With the assistance of Shodan – a search engine for internet-connected issues, Sen found the database, named Sauron, and located it filled with Amazon Prime viewing habits.

Deployment error

In complete, the database held some 215 million entries of pseudonymized viewing knowledge – which means whereas there’s loads of knowledge on particular prospects to find out about their viewing habits, it’s just about unattainable to attach these accounts with precise identities. Sauron comprises issues corresponding to film/sequence identify, the gadget used to stream the content material, community high quality, buyer subscription plan, and so forth. 

The database was reportedly first detected to be uncovered in late September 2022, after which Amazon was tipped off, and eliminated the system from the broader internet.

“There was a deployment error with a Prime Video analytics server. This drawback has been resolved and no account data (together with login or fee particulars) have been uncovered. This was not an AWS problem; AWS is safe by default and carried out as designed,” TechCrunch cited Amazon spokesperson Adam Montgomery.

Cloud misconfigurations are nothing new, and researchers have been warning for years that this man-made error is a significant trigger for knowledge breaches. In actual fact, a 2021 IBM report claimed 19% of knowledge breaches occur as a result of IT groups fail to correctly defend the property discovered inside their cloud infrastructure. The corporate polled greater than 500 organizations that suffered an information breach for the report, and discovered that for half (52%), securing knowledge saved within the public cloud remained a problem. 

Moreover, an Accurics report from 2020 claimed “almost all” cloud storage (opens in new tab) deployments have been misconfigured.

• These are the perfect SMB servers (opens in new tab) proper now