According to the BBC, security researchers are sending “friendly warnings” to Amazon Web Services Inc. (AWS), about data stored on their cloud computing platform.
AWS has been plagued with a series reports about wide-open, non-encrypted data storages — often on the platform’s S3 storage service — which have led to or could lead data theft, ransomware attack, and many other problems. The most common reason for the exposed data is user configuration errors, such as not applying encryption. This is more than a flaw in AWS.
Some security firms make a lot of money by constantly revealing new discoveries of unencrypted storage locations. However, the BBC news service in the UK last week reported that it found out that security researchers had been finding exposed data and advising the owners via messages posted on AWS servers.
The BBC discovered almost 50 warnings on the firm’s servers, the company stated. “Many had more then one warning. The messages warned owners to protect their information before it was stolen.
Here’s an example warning:
This is a friendly reminder that your Amazon AWS S3 bucket settings may be wrong. Anyone can write to it.
The BBC stated that Uber, Verizon and Alteryx, as well as the WWE, U.S. defense contractor Booz Allen Hamilton and Dow Jones, had exposed data via misconfigured S3-buckets over the past 18 months. “Between them, the firms lost data covering digital identities of hundreds and millions of people.”
AWS has increased its security guidance efforts in light of these vulnerabilities and attacks. A open-source tool was created to address the problem.

BBC warns users of exposed AWS data that security researchers have found