Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users’ Personal Data

admin by admin
November 16, 2022
in Ethical Hackers


Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show.

“Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns,” researchers Ariel Szarf, Doron Karmi, and Lionel Saposnik said in a report shared with The Hacker News.

This includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins.

Amazon RDS is a web service that makes it possible to set up relational databases in the Amazon Web Services (AWS) cloud. It offers support for different database engines such as MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server.

The root cause of the leaks stems from a feature called public RDS snapshots, which allows for creating a backup of the entire database environment running in the cloud and can be accessed by all AWS accounts.

Amazon RDS Snapshots

“Make sure when sharing a snapshot as public that none of your private information is included in the public snapshot,” Amazon cautions in its documentation. “When a snapshot is shared publicly, it gives all AWS accounts permission both to copy the snapshot and to create DB instances from it.”

The Israeli company, which carried out the research from September 21, 2022, to October 20, 2022, said it found 810 snapshots that were publicly shared for varying duration, starting from a few hours to weeks, making them ripe for abuse by malicious actors.

CyberSecurity

Of the 810 snapshots, over 250 of the backups were exposed for 30 days, suggesting that they were likely forgotten.

Based on the nature of the information exposed, adversaries could either steal the data for financial gain or leverage it to get a better grasp of a company’s IT environment, which could then act as a stepping stone for covert intelligence gathering efforts.

It’s highly recommended that RDS snapshots are not publicly accessible in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. It’s also advised to encrypt snapshots where applicable.






Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Scan Memory For Secrets And More

Next Post

Best VPN for Beginners in 2022

Next Post

Best VPN for Beginners in 2022

Recommended

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

5 months ago

CyberGhost VS Hide My Ass: Which Wins?

7 months ago

© Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.