<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link href="https://www.itpro.com/feeds/tag/amazon-s3" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from ITPro in Amazon-s3 ]]></title>
                <link>https://www.itpro.com/tag/amazon-s3</link>
        <description><![CDATA[ All the latest amazon-s3 content from the ITPro team ]]></description>
                                    <lastBuildDate>Sat, 14 Mar 2026 09:10:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ After 20 years, simplicity remains the ‘singular most important aspect’ of Amazon S3 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-storage/after-20-years-simplicity-remains-the-singular-most-important-aspect-of-amazon-s3</link>
                                                                            <description>
                            <![CDATA[ Even in the age of AI, simplicity and ease of use remain core tenets for Amazon S3 ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">o2ybX3HR2Qv6dyyYajyFDk</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/cpaDjvnecrbNF7q5fMefjH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sat, 14 Mar 2026 09:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Cloud Storage]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                <author><![CDATA[ ross.kelly@futurenet.com (Ross Kelly) ]]></author>                    <dc:creator><![CDATA[ Ross Kelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Y5vrV2V98Np6jHAGmAtCd3.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Ross Kelly is ITPro&#039;s News &amp;amp; Analysis Editor, with a keen interest in cyber security, business leadership and emerging technologies.&lt;/p&gt;
&lt;p&gt;He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;In his spare time, Ross enjoys cycling, walking and is an avid reader of history and non-fiction.&lt;/p&gt;
&lt;p&gt;You can contact Ross at ross.kelly@futurenet.com or on &lt;a href=&quot;https://twitter.com/rosswritesetc&quot;&gt;Twitter&lt;/a&gt; and &lt;a href=&quot;https://www.linkedin.com/in/ross-kelly-18a54411a/&quot;&gt;LinkedIn&lt;/a&gt;.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/cpaDjvnecrbNF7q5fMefjH-1280-80.jpg">
                                                            <media:credit><![CDATA[ITPro/Ross Kelly]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Logo of Amazon Web Services (AWS), developer of the Amazon S3 storage service, pictured at the Venetian Hotel and Casino Conference Center in Las Vegas during AWS re:Invent 2025.]]></media:description>                                                            <media:text><![CDATA[Logo of Amazon Web Services (AWS), developer of the Amazon S3 storage service, pictured at the Venetian Hotel and Casino Conference Center in Las Vegas during AWS re:Invent 2025.]]></media:text>
                                <media:title type="plain"><![CDATA[Logo of Amazon Web Services (AWS), developer of the Amazon S3 storage service, pictured at the Venetian Hotel and Casino Conference Center in Las Vegas during AWS re:Invent 2025.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/cpaDjvnecrbNF7q5fMefjH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/cloud/amazon-s3/367664/what-is-amazon-s3">Amazon Simple Storage Service (S3)</a> is 20 years old, and while simplicity was, as the name suggests, the original inspiration, it has since become a sprawling platform. </p><p>But that doesn’t mean simplicity and ease of use aren’t still core tenets of the storage service, according to Andy Warfield, vice president and distinguished engineer at <a href="https://www.itpro.com/cloud/infrastructure-as-a-service-iaas/362608/what-is-aws">Amazon Web Services (AWS)</a>. </p><p>Speaking to <em>ITPro</em> ahead of the anniversary, Warfield said simplicity is still the “singular most important aspect” of S3. When it launched in 2006, a brief <a href="https://aws.amazon.com/about-aws/whats-new/2006/03/announcing-amazon-s3---simple-storage-service/" target="_blank"><u>blog post</u></a> outlined the core goal: “Amazon S3 is the storage for the internet”. </p><p>With a simple <a href="https://www.itpro.com/strategy/29774/what-is-a-microservices-architecture">Representational State Transfer (REST)</a> interface, users could PUT (store objects) and GET (retrieve them later) with relative ease. Warfield told <em>ITPro</em> that “parking the service” behind this architecture made it simple and easy for customers to adopt.</p><p>“At the time S3 launched in 2006, a lot of the verbs that we were using and a lot of the ways that the team approached presenting storage [were] actually really guided by the existing <a href="https://www.itpro.com/network-internet/30416/http-vs-https-what-difference-does-it-make-to-security">HTTP</a> verbs,” he explained. “So things like the GET and PUT support.” </p><p>“It made it incredibly easy to adopt. 
I think one thing that kind of taught the team, and it’s been true through the lifetime of S3, is that we do best when we focus on the customer, which you hear from us all the time, but on delivering for the customer in a way that is as simple as possible to consume so folks don’t have to do extra work.”</p><h2 id="an-explosion-of-growth-for-amazon-s3">An explosion of growth for Amazon S3</h2><p>To say Amazon S3 has grown over the last two decades would be a gross understatement. When it launched in 2006, S3 offered a total of one petabyte of storage capacity, spread across several hundred storage nodes in three data centers – it also had a maximum object limit of 5GB. </p><p>Compare that to 2026, and the numbers are jarring. As <a href="https://www.itpro.com/hardware/storage/amazon-s3-just-got-a-big-performance-boost"><u><em>ITPro </em></u><u>reported at AWS re:Invent 2025</u></a>, the service now offers a maximum object size of 50TB, marking a ten-fold increase on the original limit. </p><p>Additional figures detailed by the company emphasize the sheer scale of S3 compared to its early days. Today it boasts:</p><ul><li>500 trillion stored objects globally</li><li>200 million data requests per second</li><li>123 Availability Zones worldwide</li><li>39 AWS Regions</li></ul><p>S3’s rapid-fire growth coincided with – and benefited from – an enterprise data explosion during the late 2000s and early 2010s. Indeed, Warfield notes that in 2006, you would have been “hard pressed to find something that you wanted to put in an object that was larger than 5GB”. </p><p>But with growing camera resolutions as a simple example, the rapid accumulation of enterprise data, and the formation of data lakes, demand surged. In 2026, Warfield admits the numbers are still rather mind-boggling. </p><p>“One that stands out to me is that the service processes over a quadrillion requests every year,” he said. 
</p><p>“We have tens of thousands of customers who, each individually, have objects that are spread over more than 10 million hard drives,” Warfield added, noting that the prospect of an individual enterprise building a storage setup of that scale is a “wild thing to think about”. </p><h2 id="underpinning-enterprise-innovation">Underpinning enterprise innovation</h2><p>Amazon S3 quickly moved beyond being a simple object storage service. Indeed, it became the underpinning foundation and enabler of customer data innovation. </p><p>The service helped kickstart the creation and subsequent growth of data lakes, and today, more than one million of these are stored on AWS. Warfield described this as a “structural aspect of why S3 is successful”. </p><p>Enabling enterprises to host data in a single source and all in one place helped break down long-running siloes that many had battled for years. It created a “shared foundation” for data. </p><p>“The data gives them this incredible flexibility and velocity to move quickly. And the data ends up being non-zero sum in terms of future value,” he said, reflecting on discussions with one particular customer. </p><p>“They often find that data they built for one system allows them to move into another opportunity.”</p><h2 id="s3-in-the-age-of-ai">S3 in the age of AI</h2><p>S3’s flexibility in adapting to customer demands over the last 20 years has been a key factor in its longevity and success - along with that of the company at large. AWS still boasts a large hyperscale market share alongside Google Cloud and Microsoft Azure, for example. </p><p>With the advent of generative AI raising the stakes for big tech providers, the storage service is once again evolving to accommodate skyrocketing storage demands. </p><p>Indeed, the company is heavily focused on positioning S3 as the critical foundation for AI workloads. 
At AWS re:Invent in December, the company officially cut the ribbon on S3 Vectors, which has generated significant excitement across the company. </p><p>When it comes to AI, vector search is used to identify similarities between specific data points. At the time, the company described vectors as a "numerical representation of unstructured data created from embedding models".</p><p>Uploading, storing, and querying vectors is costly, though, which is something this particular service aims to remedy. The company claims it can reduce costs on this front by up to 90%. </p><p>“The thing that we really wanted to do with S3 Vectors was to get a vector indexing service that had the simplicity and elasticity of S3 that you could just pick it up and use it with just ten vectors, but scale to billions and trillions of vectors and pay something that was closer to storage costs because it was anchored on hard drives,” Warfield explained. </p><p>“We’ve seen incredible growth on it.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Three of the biggest announcements from AWS Summit New York ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-computing/three-of-the-biggest-announcements-from-aws-summit-new-york</link>
                                                                            <description>
                            <![CDATA[ AWS may be known as a cloud services provider, but its pivot to AI services has taken the limelight ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mPAMQbdh25iCUQFTB2g7K</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/rDtMYAEUgVWrjxroxtxwTH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 18 Jul 2025 11:45:59 +0000</pubDate>                                                                                                                                <updated>Fri, 18 Jul 2025 11:46:20 +0000</updated>
                                                                                                                                            <category><![CDATA[Cloud Computing]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                <author><![CDATA[ jane.mccallion@futurenet.com (Jane McCallion) ]]></author>                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Wq9nnLr7TNkY8gyBRb7YsA.jpeg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jane is managing editor at ITPro and ChannelPro. She started out with the brands as a staff writer specializing in cloud computing before going on to become senior writer and reports editor, managing the content and creation of ITPro’s quarterly whitepapers. During this time, she broadened her expertise to include cybersecurity, data centers and enterprise IT infrastructure. In 2016, she became features editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, data centers, and business strategy.&lt;/p&gt;&lt;p&gt;In October 2021, she became the sites’ deputy editor, before moving to the role of managing editor in June 2024. Although she now has a more strategic role,  she is still a specialist in enterprise IT infrastructure, business strategy, and cybersecurity.&lt;/p&gt;&lt;p&gt;Jane holds an MA in journalism from Goldsmiths, University of London, and a BA in Applied Languages from the University of Portsmouth. She is fluent in French and Spanish, and has written features in both languages.&lt;/p&gt;&lt;p&gt;Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/rDtMYAEUgVWrjxroxtxwTH-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[AWS logo and branding pictured at the AWS re:Invent conference at the Venetian Hotel and Casino in Las Vegas, US, with a woman walking up stairs in foreground.]]></media:description>                                                            <media:text><![CDATA[AWS logo and branding pictured at the AWS re:Invent conference at the Venetian Hotel and Casino in Las Vegas, US, with a woman walking up stairs in foreground.]]></media:text>
                                <media:title type="plain"><![CDATA[AWS logo and branding pictured at the AWS re:Invent conference at the Venetian Hotel and Casino in Las Vegas, US, with a woman walking up stairs in foreground.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/rDtMYAEUgVWrjxroxtxwTH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/amazon-web-services-aws/34126/amazon-web-services-review-aws-packs-in-more-features-than-any-other">Amazon Web Services (AWS)</a> hosted its latest AWS Summit this week in New York, and the importance of AI for the company was manifest in its announcements. </p><p>While the first 20 years of its existence and success have been firmly rooted in the cloud, like all of its rivals, and many more companies that wouldn’t be considered direct competitors, it has turned its attention to riding the <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> wave. </p><p>With the advent of <a href="https://www.itpro.com/technology/artificial-intelligence/agentic-ai-is-coming-for-customer-service-jobs">agentic AI</a>, the latest industry buzzword, the situation for AWS is no different. </p><p>So without further ado, these are the three most important announcements to come out of AWS Summit New York 2025.</p><h2 id="amazon-bedrock-agentcore">Amazon Bedrock AgentCore</h2><p>Two of the key concerns around AI agents and generative AI in business are security and governance. Can organizations be certain that the AI service they’re using isn’t leaking data, and that data is stored and accessed in a way that complies with regulations such as GDPR, for example?</p><p>AgentCore, the latest addition to AWS’ <a href="https://www.itpro.com/technology/artificial-intelligence/aws-bedrock-distances-firm-from-microsoft-google-in-generative-ai-race"><u>managed generative AI service Amazon Bedrock</u></a>, aims to solve these issues as well as maintaining reliability, all while ensuring the agents can continue to operate autonomously.</p><p>AgentCore is composed of seven different services. 
These include Gateway, which provides AI agents access to tools like APIs and Lambda functions securely, and Browser Tool, which (as the name would suggest) allows agents to securely access websites through a cloud-based browser. </p><p>Meanwhile, Memory lets developers create context-aware agents with long-term and short-term memory.</p><p>According to AWS, all this aids developers in moving an AI agent from proof of concept to an application that can scale for millions of users.</p><h2 id="ai-agents-and-tools-in-aws-marketplace">AI Agents and Tools in AWS Marketplace</h2><p>If you don’t have the capacity or desire to build your own agents, but still want to take advantage of agentic AI, this second key announcement is for you.</p><p>During his keynote, Swami Sivasubramanian, AWS VP for Agentic AI, said the <a href="https://www.itpro.com/627952/what-is-cloud-computing">cloud computing</a> giant is on a mission to improve access to AI agents for enterprises. </p><p>“Building specialized agents in-house requires expertise across multiple domains, not just from large language models, but also with specific business functions,” he said.</p><p>“No organization can be an expert in everything – nor should they be – and just as today’s software ecosystem thrives on third-party APIs, tomorrow's AI agents will need to integrate specialized capabilities from across organizations, providers and systems.”</p><p>Key to driving access here is the new AI Agents and Tools service in AWS Marketplace. 
The offering will allow customers to “discover, buy, deploy, and manage AI agents and tools from leading providers”, according to AWS.</p><p>Anthropic, Brave, Snowflake, IBM and Agentforce were all named during Sivasubramanian’s keynote, among others.</p><h2 id="amazon-s3-vectors">Amazon S3 Vectors</h2><p>The last of our top three most important announcements is <a href="https://www.itpro.com/cloud/amazon-s3/367664/what-is-amazon-s3">Amazon S3</a> Vectors, which most obviously marries together AWS’ cloud storage pedigree with its AI pivot. </p><p>S3 Vectors is a cloud object storage offering with native vector support for AI workloads. According to AWS, it can reduce the cost of storing and querying vectors by “up to 90% compared to conventional methods”.</p><p>It also integrates with Amazon Bedrock Knowledge Bases and OpenSearch Service, which, the company claims, streamlines and reduces the costs of RAG and vector search operations.</p><p>In his keynote, Sivasubramanian said the service was “ideal for infrequent query workloads like batch processing and non-real time agentic apps”.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign – and they’ve already claimed two victims ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-attacks/hackers-are-turning-amazon-s3-bucket-encryption-against-customers-in-new-ransomware-campaign-and-theyve-already-claimed-two-victims</link>
                                                                            <description>
                            <![CDATA[ Attackers are using AWS’ server-side encryption to conduct ransomware attacks ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">WQLfKiju3zgxj8ENzfzsej</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pAPsDWhm846yF399FCxRzV-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 15 Jan 2025 13:38:54 +0000</pubDate>                                                                                                                                <updated>Wed, 15 Jan 2025 15:30:15 +0000</updated>
                                                                                                                                            <category><![CDATA[Cyber Attacks]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/z2aSrrbwGAyWwinHzGraAP.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.&lt;/p&gt;
&lt;p&gt;Before he joined ITPro, Solomon graduated from the University of Warwick in 2018 with a BA (Hons) in Philosophy, Politics, and Economics which included an intercalated year studying Philosophy at the Erasmus University, Rotterdam.&lt;/p&gt;
&lt;p&gt;Outside of the office, Solomon enjoys reading, visiting new art exhibitions, and playing football.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pAPsDWhm846yF399FCxRzV-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[AWS logo on smartphone with blurred background]]></media:description>                                                            <media:text><![CDATA[AWS logo on smartphone with blurred background]]></media:text>
                                <media:title type="plain"><![CDATA[AWS logo on smartphone with blurred background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pAPsDWhm846yF399FCxRzV-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Hackers who were able to steal data belonging to two <a href="https://www.itpro.com/amazon-web-services">AWS</a> customers used the platform’s encryption capabilities to conduct a novel type of ransomware attack, researchers have warned.</p><p>A new <a href="https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c" target="_blank">report</a> from cyber resilience firm Halcyon’s RISE team identified a new ransomware campaign targeting <a href="https://www.itpro.com/cloud/amazon-s3/367664/what-is-amazon-s3">Amazon S3 buckets</a>, where the attackers leverage AWS’ server-side encryption with customer-provided keys (SSE-C) to encrypt victim data.</p><p>The group, referred to as ‘Codefinger’ in the report, is reported to have attacked at least two victims, but the technique represents a worrying development as it requires no exploitation of vulnerabilities in the <a href="https://www.itpro.com/security/cyber-security/367396/denonia-named-as-first-malware-to-target-aws-lambda-platform">AWS platform</a>.</p><p>Instead, if the threat actor is able to steal a customer’s account credentials, they are able to use AWS’ secure <a href="https://www.itpro.com/security/31775/what-is-public-key-infrastructure-pki">encryption infrastructure</a> to lock down the victim’s data, with no known method of recovery without meeting their demands.</p><p>The attacker generates and stores <a href="https://www.itpro.com/security/29671/what-is-aes-encryption">AES-256 encryption</a> keys locally, and Halcyon noted that because AWS does not store the encryption key it cannot help recover the data when victims report an attack.</p><p>AWS only logs a hash-based message authentication code (HMAC) of the key in its governance service, which the report states is insufficient for <a href="https://www.itpro.com/security/ransomware/359040/weakness-in-mamba-ransomware-could-help-recover-data-back">recovering any encrypted 
data</a> or for forensic analysis of the attack.</p><p>Once they have encrypted the victim’s assets, the files are marked for deletion within seven days in order to coerce the victims into paying, with the attackers warning them not to try to alter their <a href="https://www.itpro.com/cloud/370347/multi-cloud-over-permissioning-causing-cyber-risk-headaches-for-businesses">account permissions</a> and interfere with their access.</p><h2 id="hardening-amazon-s3-to-avoid-compromise">Hardening Amazon S3 to avoid compromise</h2><p>The report noted that although <a href="https://www.itpro.com/tag/amazon">Amazon’s</a> server-side encryption feature has been around for some time, this looks like the first time ransomware operators have used it for malicious purposes, stating that it identified two victims who were impacted by the attack “in recent weeks”.</p><p>Halcyon said AWS users can mitigate the threat and harden their AWS environments by restricting SSE-C usage, monitoring and auditing their keys, and implementing advanced logging.</p><p>Customers should regularly review permissions for their <a href="https://www.itpro.com/security/malware/this-malware-is-trying-to-steal-your-aws-keys-and-more-heres-how-to-protect-yourself">AWS keys</a>, Halcyon advised, adding that they should also disable unused keys and rotate active keys frequently.</p><p><em>ITPro</em> approached AWS for a statement on the technique and a spokesperson for the firm said it protects customers to the best of its ability when their <a href="https://www.itpro.com/security/github-scrambles-to-rotate-keys-after-credentials-in-production-containers-were-potentially-exposed">keys are exposed</a>, pointing to its shared responsibility model for cloud assets.</p><p>“AWS helps customers secure their cloud resources through a shared responsibility model. Anytime AWS is aware of exposed keys, we notify the affected customers,” the spokesperson said.</p><p>“We also thoroughly investigate all reports of exposed keys and quickly take any necessary actions, such as applying quarantine policies to minimize risks for customers without disrupting their <a href="https://www.itpro.com/software/366126/how-byod-is-re-shaping-the-it-environment">IT environment</a>.”</p><p>The spokesperson added that all customers are strongly advised to act quickly if they believe their credentials may have been compromised.</p><p>“We encourage all customers to follow security, identity, and compliance best practices. In the event a customer suspects they may have exposed their credentials, they can start by following the steps listed in this post. As always, customers can contact <a href="https://www.itpro.com/cloud/cloud-security/aws-users-are-getting-a-big-security-boost-with-passkey-support">AWS Support</a> with any questions or concerns about the security of their account.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ AWS opens physical sites for fast data uploads – but it could cost you up to $500 an hour ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-computing/aws-opens-physical-sites-for-fast-data-uploads-but-it-could-cost-you-up-to-usd500-an-hour</link>
                                                                            <description>
                            <![CDATA[ Amazon Web Services (AWS) has launched a new Data Transfer Terminal service to allow customers to upload data to the cloud from a physical site. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pr5a9YAT9em3WSuRvMzm6U</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/up7KoVRatQ55Re8Gti5rFT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 02 Dec 2024 12:06:26 +0000</pubDate>                                                                                                                                <updated>Mon, 02 Dec 2024 14:14:49 +0000</updated>
                                                                                                                                            <category><![CDATA[Cloud Computing]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/up7KoVRatQ55Re8Gti5rFT-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Amazon Web Services (AWS) logo pictured illuminated at Web Summit in Lisbon with attendees walking by.]]></media:description>                                                            <media:text><![CDATA[Amazon Web Services (AWS) logo pictured illuminated at Web Summit in Lisbon with attendees walking by.]]></media:text>
                                <media:title type="plain"><![CDATA[Amazon Web Services (AWS) logo pictured illuminated at Web Summit in Lisbon with attendees walking by.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/up7KoVRatQ55Re8Gti5rFT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/cloud/infrastructure-as-a-service-iaas/362608/what-is-aws">Amazon Web Services (AWS)</a> customers will soon be able to book time slots at physical locations to connect their storage devices and upload data to the cloud.</p><p>Data can be uploaded to any AWS endpoint, including <a href="https://www.itpro.com/cloud/amazon-s3/367664/what-is-amazon-s3">Amazon S3</a>, Amazon Elastic File System (Amazon EFS), or others, using a high-throughput connection of up to 400Gbps.</p><p>Each AWS Data Transfer Terminal will house a patch panel, fiber optic cable and a PC for monitoring data transfer jobs, the hyperscaler revealed. Terminals will be charged by the hour, with no per GB charge for the data transfer if the data remains in the same continent.</p><p>The first two Data Transfer Terminals are already up and running in Los Angeles and New York, with plans to launch more globally.</p><p>So far, the company is only listing charges for US-to-US transfers, at $300 per hour, and US-to-EU transfers, at $500.</p><p>"On your reserved date and time, visit the location and confirm access with the building reception. You’re escorted by building staff to the floor and your reserved room of the Data Transfer Terminal location," said Channy Yun, principal developer advocate for AWS Cloud.</p><p>"Don’t be surprised if there are no AWS signs in the building or room. 
This is for security reasons to keep your work location as secret as possible."</p><p>The company said the terminals will significantly cut the time it takes to upload large amounts of data, meaning ingested data can be processed within minutes.</p><p>Customers can then analyze large datasets using Amazon Athena, train and run machine learning models with ingested data using <a href="https://www.itpro.com/cloud/amazon-web-services-aws/354268/aws-ramps-up-sagemaker-tools-at-reinvent">SageMaker</a>, or build scalable applications using <a href="https://www.itpro.com/cloud/370070/what-is-aws-ec2">Amazon EC2</a>.</p><p>"After the data is uploaded to AWS, you can use the extensive suite of AWS services to generate value from your data and accelerate innovation," Yun commented.</p><p>"You can also bring your AWS Snowball devices to the location for upload and retain the device for continued use and not rely on traditional shipping methods."</p><p>Suggested use cases include video production data for 
processing in the media and entertainment industry, training data for Advanced Driver Assistance Systems (ADAS) in the automotive industry, or migrating legacy data in the financial services industry. </p><p>The hyperscaler also noted the service could help support uploads of equipment sensor data in the industrial and agricultural sectors. </p><p>"You can upload large datasets from fleets of vehicles operating and collecting data in metro areas for training machine learning models, digital audio and video files from content creators for media processing workloads, and mapping or imagery data from local government organizations for geographic analysis," said Yun.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New Amazon S3 Express One Zone promises 10x performance boost ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-storage/new-amazon-s3-express-one-zone-promises-10x-performance-increase</link>
                                                                            <description>
                            <![CDATA[ Amazon S3 Express One Zone offers some serious performance improvements on the standard edition ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4xKUHgxDibHmkjabPpAYgZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XcWvC82mDbVWwh6qjQm6SW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 28 Nov 2023 22:10:40 +0000</pubDate>                                                                                                                                <updated>Wed, 29 Nov 2023 13:14:05 +0000</updated>
                                                                                                                                            <category><![CDATA[Cloud Storage]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                <author><![CDATA[ ross.kelly@futurenet.com (Ross Kelly) ]]></author>                    <dc:creator><![CDATA[ Ross Kelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Y5vrV2V98Np6jHAGmAtCd3.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Ross Kelly is a staff writer at ITPro, ChannelPro, and CloudPro, with a keen interest in cyber security, business leadership and emerging technologies.&lt;/p&gt;
&lt;p&gt;He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;In his spare time, Ross enjoys cycling, walking and is an avid reader of history and non-fiction.&lt;/p&gt;
&lt;p&gt;You can contact Ross at ross.kelly@futurenet.com or on &lt;a href=&quot;https://twitter.com/rosswritesetc&quot;&gt;Twitter&lt;/a&gt; and &lt;a href=&quot;https://www.linkedin.com/in/ross-kelly-18a54411a/&quot;&gt;LinkedIn&lt;/a&gt;.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XcWvC82mDbVWwh6qjQm6SW-1280-80.jpg">
                                                            <media:credit><![CDATA[AWS]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Amazon S3 Express One Zone announcement at AWS re:Invent in Las Vegas, Nevada]]></media:description>                                                            <media:text><![CDATA[Amazon S3 Express One Zone announcement at AWS re:Invent in Las Vegas, Nevada]]></media:text>
                                <media:title type="plain"><![CDATA[Amazon S3 Express One Zone announcement at AWS re:Invent in Las Vegas, Nevada]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XcWvC82mDbVWwh6qjQm6SW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>AWS has unveiled its new Amazon S3 Express One Zone storage offering, promising marked performance and speed improvements on its standard edition.</p><p>CEO Adam Selipsky revealed the move during his keynote address at the annual AWS re:Invent conference in Las Vegas today, alongside a slew of product updates which included the <a href="https://www.itpro.com/technology/artificial-intelligence/aws-unveils-amazon-q-a-genuine-enterprise-grade-ai-assistant">launch of its ‘Amazon Q’ generative AI assistant</a>.</p><p>Selipsky told attendees that One Zone represents the next iteration of the popular cloud storage offering, which is 17 years old at this stage.</p><p>The new high-performance, low-latency storage class offers a 10x improvement on data access speeds in addition to a 50% lower request cost compared to Amazon S3 Standard.</p><p>This equates to single-digit millisecond data access for customers.</p><p>The update comes amid a period of intense ML and AI-related workload demands from customers, the company said in a statement.</p><p>“Amazon S3 Express One Zone is the most performant storage class for request-intensive operations such as machine learning (ML) training and inference, interactive analytics, and media content creation,” the firm said.</p><h2 id="amazon-s3-express-one-zone-is-tailor-made-for-ai-xa0">Amazon S3 Express One Zone is tailor-made for AI</h2><p>Focusing heavily on supporting intensive AI workload capacities, AWS confirmed the launch of a new bucket type, dubbed an <a href="https://www.itpro.com/cloud/amazon-s3/367664/what-is-amazon-s3"><u>Amazon S3</u></a> directory bucket.</p><p>The cloud giant said customers will be able to create new directory buckets “with just a few clicks”, allowing them to upload new objects directly or copy objects from existing datasets in other S3 storage classes.</p><p>Traditionally, customers have been able to choose specific <a href="https://www.itpro.com/cloud/cloud-computing/370167/aws-invests-6-billion-malaysia-cloud-expansion-sea-competition-heats-up">AWS Regions</a> to store S3 data. 
However, the latest update also means users can now choose to co-locate One Zone data in the same availability zone as compute resources.</p><p>AWS said this will help “lower compute costs and run workloads faster”.</p><p>“Millions of customers rely on Amazon S3 for everything from low-cost archival storage to petabyte-scale data lakes, and they want to expand their use to support their most performance-intensive applications where every millisecond counts,” said James Kirschner, GM for Amazon S3 at <a href="https://www.itpro.com/tag/amazon-web-services">AWS</a>.</p><p>“Amazon S3 Express One Zone delivers the fastest data access speed for the most latency-sensitive applications and enables customers to make millions of requests per minute for their highly accessed datasets, while also reducing request and compute costs.”</p><p>The announcement marks the latest major update to Amazon S3 in recent years and underlines the continued longevity – and popularity – of the service.</p><p>In 2021, the tech giant added S3 Object Lambda, a service which enabled users to add their own proprietary code to process data retrieved from buckets before it is returned to an application.</p><p>2021 also saw the addition of the <a href="https://www.itpro.com/cloud/367950/one-of-techs-most-elusive-mysteries-the-secret-of-amazon-glacier">S3 Glacier Instant Retrieval</a> function, also unveiled at its re:Invent conference.</p><p>The archive storage class offered low-cost storage for older datasets that are rarely accessed.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Setting up and securing Amazon S3 storage ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-storage/setting-up-and-securing-amazon-s3-storage</link>
                                                                            <description>
                            <![CDATA[ Everything you need to know about setting up and securing Amazon’s Simple Storage Service ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">deHKVFmwg5o4pT95NtBe6H</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ZiwvTceVhbyHa3GJPC9AR5-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 25 Jul 2023 09:00:00 +0000</pubDate>                                                                                                                                <updated>Mon, 27 Nov 2023 13:31:43 +0000</updated>
                                                                                                                                            <category><![CDATA[Cloud Storage]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Webb ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ZiwvTceVhbyHa3GJPC9AR5-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A depiction of cloud storage ]]></media:description>                                                            <media:text><![CDATA[A depiction of cloud storage ]]></media:text>
                                <media:title type="plain"><![CDATA[A depiction of cloud storage ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ZiwvTceVhbyHa3GJPC9AR5-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Amazon Web Services S3 buckets provide flexible, highly scalable, and cost-effective cloud-based, high-availability bulk data storage, suitable for everything from backups to big data, to hosting for media, files, and web apps.</p><p><br></p><p>S3 – short for <a href="https://www.itpro.com/cloud/amazon-s3/367664/what-is-amazon-s3">Simple Storage Service</a> – is popularly used for data storage. Everything you upload is stored as a key-value pair, with a unique name as its key and the stored data as its value. This effectively means that it&apos;s a lightweight NoSQL database that can hold a vast amount of structured data, which can then be easily queried for analysis via S3 Select API calls. 
</p><p><br></p><p>Critically, S3 doesn&apos;t care what the data you&apos;re storing is – you can stuff anything into an S3 bucket, with a maximum individual object size of 5TB and unlimited total storage, as long as you&apos;re prepared to pay for it.</p><p><br></p><h2 id="setting-up-and-securing-amazon-s3-storage">Setting up and securing Amazon S3 storage</h2><p>There are several different S3 storage classes. This guide primarily addresses S3 Standard storage, intended for <a href="https://www.itpro.com/cloud/cloud-storage/359582/the-hot-cloud-storage-guide-to-backup-and-recovery">"hot" data</a> that&apos;s going to be regularly accessed. But it&apos;s worth being aware of your options, particularly if you anticipate eventually archiving your data to cold storage in <a href="https://www.itpro.com/amazon-web-services-aws/34126/amazon-web-services-review-aws-packs-in-more-features-than-any-other">Amazon&apos;s cloud</a>.</p><p><br></p><p>These include S3 Intelligent-Tiering, which can potentially save money by automatically moving your least-accessed data to cheaper storage, Infrequent Access (IA) tiers that cost less than hot storage but still allow data to be accessed within milliseconds, and the Glacier tiers, which cost a lot less but have increasingly slow retrieval times – up to 12 hours in the case of S3 Glacier Deep Archive <a href="https://www.itpro.com/cloud/cloud-storage/362367/best-cloud-storage-for-the-uk">storage</a>.</p><p><br></p><p>While costing your deployment is beyond the scope of this article, we recommend using the AWS Pricing Calculator and billing alarms to help you avoid any unpleasant surprises. 
Amazon provides a helpful step-by-step deployment guide, but the density of the reference documentation for S3 means that it can be challenging to winnow out exactly which of S3&apos;s many options you need.</p><p><br></p><p>Setting up and using S3 storage can be deceptively simple, particularly if your data set is never intended to be made available to the public. With both hackers and white hat cybersecurity professionals routinely scanning for unsecured S3 buckets using a variety of effective free tools, security through obscurity isn&apos;t going to cut it here.</p><p><br></p><p>S3&apos;s default options have been beefed up in recent years to minimize the danger of accidentally exposing the personal data of your staff, customers, or citizens, but it&apos;s still important to ensure that your S3 deployment is appropriately planned, configured, and secured for your use case.</p><p><br></p><p>In this guide, we&apos;ll take you through the key considerations you should apply to every S3 deployment, from planning to access and version control, through logging and multi-factor authentication.</p><p><br></p><h3 class="article-body__section" id="section-amazon-s3-setup"><span>Amazon S3 setup</span></h3><p>Before setting up your S3 bucket, you should decide what it is – and isn&apos;t – going to be used for. Different use cases require different options and settings on the bucket, and some settings, such as S3 Object Lock, can only be set when the bucket is deployed, and cannot be changed later. This is also a good time to work out who or what will be accessing it, how they will be doing that, and from where. Document all of this for clarity, and to prevent function creep in the future. 
You don&apos;t want to find that people have been storing critical documents in your low-priority off-site backup store, or that access to these documents is too slow because you created the bucket in the wrong AWS region.</p><p><br></p><p>Local legal requirements, such as <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">EU requirements for data</a> protection, should also be taken into consideration when choosing the AWS region in which your bucket will reside. If you&apos;re unsure about this, choose the AWS region in your country if there is one, or – if your country doesn&apos;t have its own AWS region – consult someone who knows the legal requirements and can advise on which regions are suitable.</p><p><br></p><h3 class="article-body__section" id="section-amazon-s3-retention-and-deletion-protection"><span>Amazon S3 retention and deletion protection</span></h3><p>Depending on the use case for your bucket, you may wish to enable S3 Object Lock, or WORM (Write Once Read Many) mode. This means that once a file has been uploaded to the bucket, it cannot be deleted or modified in any way. This is useful in cases such as storing copies of quarterly <a href="https://www.itpro.com/server-storage/backup/357713/how-good-is-your-backup-really">backups</a>, or accounting files needed for compliance. Files stored in buckets with this enabled will be preserved unchanged until the end of their retention period.</p><p><br></p><p>Alternatively, you may wish to enable versioning for objects in this bucket if it is to be used to store critical files, or disable it if, for example, this is a backup store, as the backup software should take care of that.</p><h3 class="article-body__section" id="section-lifecycle-settings"><span>Lifecycle settings</span></h3><p>Once you&apos;ve created your bucket, you&apos;ll want to set some lifecycle rules to keep it in check. 
Rules can be set up to move files to less expensive storage classes after a specified period of time, delete older versions of files in buckets with versioning enabled, and perform basic housekeeping tasks. At the very least, you would probably want a set of rules to move objects from primary instant-availability storage to a lower cost tier such as Glacier after a time, and then eventually purge outdated files, so as to keep costs down.</p><p><br></p><h3 class="article-body__section" id="section-s3-default-encryption"><span>S3 Default Encryption</span></h3><p>Since January 2023, S3 has automatically encrypted all new objects uploaded to it using AES-256 hashing with server-side S3-managed (SSE-S3) keys, at no additional cost to users. This default option now has to be deliberately opted out of if you require an alternative approach, while it was previously an opt-in setting, which contributed to unnecessarily poor security on some users&apos; buckets.</p><p><br></p><p>Note that objects in a bucket predating the new default, which had not previously been opted into S3 default encryption, can be manually encrypted to the same standard using a batch operation.</p><p><br></p><p>While SSE-S3 encryption is the default standard, you can also enable SSE-KMS, another approach to server-size encryption which uses the AWS Key Management Service. A dual-layer version, DSSE-KMS is also available, and customers can alternatively deploy their own keys using SSE-C, server-side encryption with customer-provided keys. While different objects in your bucket can use different encryption methods, you can&apos;t apply multiple types of encryption to a single object.</p><h3 class="article-body__section" id="section-access-management"><span>Access management</span></h3><p>To control access to your new bucket for either people or processes, you will need access keys. Whilst you can generate these as your AWS admin user, you very much should not do so. 
It&apos;s better for your security if you create a dedicated user in IAM (AWS <a href="https://www.itpro.com/security/identity-and-access-management-iam/358827/what-is-customer-identity-and-access-management">Identity and Access Management</a>) for each process or person requiring access, granting them the minimum rights required, for example read-only, read-write, or full S3 access. Security keys can then be created for these users from their IAM details page.</p><p><br></p><h3 class="article-body__section" id="section-version-control"><span>Version control</span></h3><p>For those who require more granular access control, access policies can be used. These are written in JSON, and if you wish you can input that directly. However, for the majority of users who&apos;d prefer not to do that, there is a policy generator. Set the policy type to S3 Bucket policy then configure the required access conditions. Example policies are also available at this stage to assist with this process.</p><p><br></p><p>If your bucket is to be used for storing regularly accessed files, rather than as a backup or archive of some form, you may wish to enable versioning. This will allow you to revert any object stored in the bucket to any previous version, limited only by the retention policies set in your lifecycle rules for this bucket. Lifecycle policies can be used to move older versions to cheaper storage tiers or delete them completely after a given time. Care should be taken when setting these rules to balance the utility of being able to revert files to previous versions against the increased storage costs this incurs. 
</p><p><br></p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:731px;"><p class="vanilla-image-block" style="padding-top:65.39%;"><img id="wrcor94BiaJkS3dgx4JoHA" name="GettyImages-1413751713.jpg" alt="A person using cloud storage services on a laptop" src="https://cdn.mos.cms.futurecdn.net/wrcor94BiaJkS3dgx4JoHA.jpg" mos="" align="middle" fullscreen="" width="731" height="478" attribution="" endorsement="" class=""></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Getty)</span></figcaption></figure><h3 class="article-body__section" id="section-replication"><span>Replication</span></h3><p>If the objects to be stored in your bucket are critical, then you may wish to enable replication. This feature automatically – but asynchronously – copies objects from one S3 bucket to another, usually within 15 minutes of the initial object&apos;s creation. This ensures that there&apos;s never a single point of failure for your most critical data.</p><p><br></p><p>You can configure replication rules to replicate certain classes of objects in the bucket, or its entire contents. The replication target will be another S3 bucket, either in the same region as the original or in a different region. Note that data transfer charges will apply to data moving between regions, so bear this in mind when deciding on your replication setup. Likewise, the target bucket will also need its own lifecycle policy.</p><p><br></p><h3 class="article-body__section" id="section-logging-monitoring-and-auditing"><span>Logging, monitoring and auditing</span></h3><p>If required, you can enable either basic access logging, event auditing, or both for your bucket. This will allow you to keep track of who accessed what data and when, and make it easier to spot any unauthorized access to these objects. 
It&apos;s thus highly recommended.</p><p><br></p><p>AWS&apos;s monitoring tools for S3 include alarms that will alert you if any selected metric (such as storage in use) passes a specified threshold, detailed user activity and server access logs, and "AWS Trusted Advisor", an automatic tool that inspects your S3 bucket and makes security and configuration recommendations.</p><p><br></p><h3 class="article-body__section" id="section-security"><span>Security</span></h3><p>There are two forms of access used in most cases with S3 buckets: interactive user access and programmatic key-based access. For interactive users, <a href="https://www.itpro.com/security/cyber-security/369745/what-is-mfa-fatigue">multi-factor authentication</a> (MFA) should always be enabled, and the users&apos; rights should be limited to the minimum required. You should not be using your AWS admin account when accessing the bucket contents, but rather a lower-privileged account set up for the purpose.</p><p><br></p><p>For programmatic key-based access, such as your backup software storing its nightly backups in the S3 bucket, the access keys should be rotated periodically. This helps to avoid any unauthorized access incidents resulting from keys that may have leaked. It also familiarises you, as the admin, with AWS&apos;s key rotation procedure, which is important as this will need to be done promptly as and when staff leave the organization, or in response to security incidents.</p><p>For those developing software that uses an S3 bucket as storage, be especially careful not to commit the access keys to any public (or even internal) code repository. 
There have been many security incidents reported by the press caused by someone carelessly committing an access key to <a href="https://www.itpro.com/open-source/31833/what-is-github">GitHub</a> or similar.</p><p><br></p><h3 class="article-body__section" id="section-common-s3-code-errors"><span>Common S3 code errors</span></h3><p>When it comes to configuration, the AWS Shared Responsibility Model warns users that they are responsible for security &apos;in&apos; the cloud. AWS takes care of security &apos;of&apos; the cloud, so the user is liable for the changes they make that publicly expose their own data. Thankfully, the most common misconfigurations are avoidable.</p><p>Arguably the most common S3 error code is the 403 &apos;AccessDenied&apos; code. This is usually a case of bucket and object ownership. If the error is from &apos;GetObject&apos; or &apos;HeadObject&apos; requests, you should check whether the object is also owned by the bucket&apos;s owner – if you are the bucket owner, then you should check the access control list (ACL) permissions. An S3 object is, by default, owned by the AWS account that uploaded it. If other accounts have permission to upload to your bucket, then you would need to verify the account that owns that object – also verify who can access it.</p><p><br></p><p>Another common error is "MultiRegionAccessPointModifiedByAnotherRequest" or error code &apos;200&apos;. These can crop up for a range of reasons but they are all to do with regional access points. So, for example, an action failed because another request is modifying a specific resource. Or you have a multi-region access point with the same name. 
</p><p>For a complete list of error codes, see the AWS Error Response page <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html">here</a>.</p><h3 class="article-body__section" id="section-s3-pricing"><span>S3 pricing </span></h3><p>You can start using S3 for free, though you will be charged for what you use. 
Essentially you don&apos;t pay to have a bucket, but you do pay for putting stuff in said bucket and the amount you pay is dependent on the size of the objects you store and how long you store them. You will also be charged based on the tier of S3 service you use – Standard, Intelligent-Tiering, Standard-Infrequent Access, S3 One Zone-Infrequent Access, Glacier Instant Retrieval, Flexible Retrieval, and Glacier Deep Archive.</p><p><br></p><p>AWS provides an online <a href="https://calculator.aws/#/addService/S3">calculator</a> to work out your fees. You need to consider ingest and transfer costs first, but you simply estimate your region, your storage needs, and your preferred tiering. So, for example, if you were to set up S3 with California (US West Coast) as the region and wanted 10TB stored per month in S3 Standard, the monthly fee would be $267. </p><p><br></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ What is Amazon S3? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/amazon-s3/367664/what-is-amazon-s3</link>
                                                                            <description>
                            <![CDATA[ Everything you need to know about Amazon S3, one of the world’s most popular cloud storage services ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">c7ZMMeCjqg4Uotge4UBVcr</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/d4evU75j3CBZf2cfhQHdn8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 16 May 2022 07:00:08 +0000</pubDate>                                                                                                                                <updated>Mon, 27 Nov 2023 12:31:17 +0000</updated>
                                                                                                                                            <category><![CDATA[Public Cloud]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Bobby Hellard) ]]></author>                    <dc:creator><![CDATA[ Bobby Hellard ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/bsR2tHSyVKUoyXZF5pNsDA.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Bobby Hellard&amp;nbsp;is&amp;nbsp;ITPro&#039;s Reviews Editor and has worked on&amp;nbsp;CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.&lt;/p&gt;
&lt;p&gt;Bobby mainly covers hardware reviews, but you will also recognise him as the face of many of our video reviews of laptops and smartphones.&lt;/p&gt;
&lt;p&gt;He has been a journalist for ten years, originally covering sports, before moving into business technology with ITPro. He has bylines in The Independent, Vice and The Business Briefing. Contact him at &lt;a href=&quot;mailto:bobby.hellard@futurenet.com&quot;&gt;bobby.hellard@futurenet.com&lt;/a&gt; or find him on Twitter: &lt;a href=&quot;https://twitter.com/bobbyhellard&quot;&gt;@bobbyhellard&lt;/a&gt;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/d4evU75j3CBZf2cfhQHdn8-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A yellow and white AWS sign hanging in front of a building]]></media:description>                                                            <media:text><![CDATA[A yellow and white AWS sign hanging in front of a building]]></media:text>
                                <media:title type="plain"><![CDATA[A yellow and white AWS sign hanging in front of a building]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/d4evU75j3CBZf2cfhQHdn8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Amazon S3 is the company&apos;s premier object storage service, and one of the first products it brought to market. It remains one of the most popular storage services available today, working in tandem with, and underpinning, most of <a href="https://www.itpro.com/tag/amazon">Amazon</a>&apos;s other customer-facing services.</p><p>Amazon S3 is regularly updated with new features and storage capabilities, and patches that are designed to improve data protection and security.</p><h2 id="what-is-amazon-s3">What is Amazon S3?</h2><p>Amazon Simple Storage – or Amazon S3 as it is more commonly known – is an <a href="https://www.itpro.com/cloud/cloud-storage/354665/what-can-companies-learn-from-object-storage-pioneers">object storage service</a>. It offers unlimited, flexible cloud storage for seemingly any use case, whether that’s <a href="https://www.itpro.com/business-strategy/28163/what-is-big-data-analytics">big data analysis</a>, <a href="https://www.itpro.com/cloud/355348/the-it-pro-podcast-building-cloud-native-apps">cloud-native applications</a>, or mobile apps.</p><div  class="fancy-box"><div class="fancy_box-title">READ MORE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="72hqTVmvjTxGFx2UNhdZV9" name="Amazon_Logo_GettyImages-1754641931.jpg" caption="" alt="An Amazon.com logo on an Amazon electric delivery van designed by Rivian in the Queens borough of New York, US" src="https://cdn.mos.cms.futurecdn.net/72hqTVmvjTxGFx2UNhdZV9.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a 
data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-storage/setting-up-and-securing-amazon-s3-storage">Setting up and securing Amazon S3 storage</a></p></div></div><p>Object storage, or ‘object-based’ storage, is a type of architecture that manages data as an object, instead of files or blocks. Each object includes the data itself, a variable amount of metadata, and a globally unique identifier. The metadata element is key, as it is separated to support additional capabilities, such as the capture of application-centric or user-centric information for indexing, which is traditionally harder with fixed metadata.</p><p>Amazon S3&apos;s object storage approach is designed in a way that simplifies data admin. It removes the need for many basic storage functions, such as construction and management of logical volumes for disk capacity, or configuring settings to prevent disk failure.</p><p>Part of the reason Amazon S3 is so popular is its accessible pricing. Customers only pay for what they use, and there is no minimum service fee. 
It&apos;s also quite cheap, with the first 50TB, or the first month of use, being just $0.024 per GB – <em>price</em> <em>accurate at the time of writing.</em></p><h2 id="amazon-s3-security-what-are-buckets-and-keys">Amazon S3 security: What are buckets and keys?</h2><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="urkRWxF6bNsYkgW2n5HFR3" name="urkRWxF6bNsYkgW2n5HFR3.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/urkRWxF6bNsYkgW2n5HFR3.jpg" mos="https://cdn.mos.cms.futurecdn.net/urkRWxF6bNsYkgW2n5HFR3.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Business value on AWS</strong></p><p class="fancy-box__body-text">Four key dimensions that will help to build a comprehensive business case for the cloud</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/367530/business-value-on-aws" data-original-url="/cloud/367530/business-value-on-aws">FREE DOWNLOAD</a></p></div></div><p>Amazon S3 organises data into &apos;buckets&apos;. These act as data repositories that can handle an unlimited number of objects, although each object is limited to a maximum size of 5TB. Buckets are designed in a way that allows for data to be organized and for access controls to be placed on objects.</p><p> Any object placed inside a bucket will be assigned a unique key, which helps locate and identify specific data objects within each bucket. 
This key resembles the structure of a URL, and is made up of the bucket number, the object number, and the region or data center the data is stored in.</p><p>Buckets must be appropriately configured in order to prevent unauthorized access to data. Historically, Amazon S3 buckets have been the source of a number of high-profile data leaks, including those belonging to the <a href="https://www.itpro.com/security/30060/100gb-of-secret-nsa-data-found-on-unsecured-aws-s3-bucket">NSA</a>, largely due to misconfigurations through human error.</p><p>Amazon has made efforts to minimize cyber security risk with constant updates and new features, and now includes a wealth of security controls for use across a variety of businesses.</p><p>For example, following an <a href="https://www.itpro.com/cloud/amazon-web-services-aws/354261/aws-plugs-leaky-s3-buckets-with-cloudknox-integration">integration deal with CloudKnox</a> in 2019, the company introduced a built-in <a href="https://www.itpro.com/strategy/28935/what-is-identity-management-and-what-role-does-it-play-in-security-strategy">identity and access management (IAM)</a> tool to make it easier to monitor access controls.</p><p>Admins can also make use of the &apos;S3 Block Public Access&apos; function, which is able to prevent access to specific buckets from those outside of a company or approved list. This function also overrides any existing blanket S3 permissions.</p><p>Read our <a href="https://www.itpro.com/cloud/cloud-storage/setting-up-and-securing-amazon-s3-storage">guide to setting up and securing Amazon S3</a> for more information.</p><h2 id="amazon-s3-latest-features-and-updates">Amazon S3 latest features and updates</h2><p>As a flagship product, Amazon S3 often receives new updates and innovations at the tech giant’s annual conferences. 
These can sometimes be tie-ins with other AWS services, but it mainly sees new cost efficiencies and user improvements.</p><div  class="fancy-box"><div class="fancy_box-title">READ MORE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Ya7fNxPnaPJCSgoP7EYLWE" name="Ya7fNxPnaPJCSgoP7EYLWE.jpg" caption="" alt="The Amazon Web Services dashboard" src="https://cdn.mos.cms.futurecdn.net/Ya7fNxPnaPJCSgoP7EYLWE.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/amazon-web-services-aws/34126/amazon-web-services-review-aws-packs-in-more-features-than-any-other">Amazon Web Services review: AWS packs in more features than any other cloud service provider</a></p></div></div><p>For instance, in 2021, Amazon added S3 Object Lambda, a service that allows users to add their own code to process data retrieved from their S3 buckets before it is returned to an application. The introduction of Lambda gives users multiple views of the same dataset, with the ability to change the views at any time.</p><p>Another new function is S3 Glacier Instant Retrieval, which was launched during 2021’s AWS Re:Invent. This is a new archive storage class which offers low-cost storage for older datasets that are rarely accessed. AWS claims it is the fastest access to archive storage and offers 63% cost savings compared to previous services.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Sennheiser exposed personal data of 28,000 customers with leaky S3 bucket ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/amazon-s3/361864/sennheiser-exposed-data-28000-customers-aws-s3-bucket</link>
                                                                            <description>
                            <![CDATA[ Server containing full names, email addresses, phone numbers, and supplier information was left open to the public for three years ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">niSceug7ZUfYU6e2EWct6J</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pLYSEMWDA27GhSS7rbf74M-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 16 Dec 2021 17:57:42 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Danny Bradbury ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pLYSEMWDA27GhSS7rbf74M-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Three Sennheiser headsets stacked on top of each other on a wooden table]]></media:description>                                                            <media:text><![CDATA[Three Sennheiser headsets stacked on top of each other on a wooden table]]></media:text>
                                <media:title type="plain"><![CDATA[Three Sennheiser headsets stacked on top of each other on a wooden table]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pLYSEMWDA27GhSS7rbf74M-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Audio equipment manufacturer Sennheiser exposed personal data belonging to around 28,000 customers through a misconfigured <a href="https://www.itpro.com/tag/amazon" data-original-url="https://www.itpro.com/search/aws">Amazon Web Services</a> S3 bucket, researchers revealed on Thursday.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/30060/100gb-of-secret-nsa-data-found-on-unsecured-aws-s3-bucket" data-original-url="/security/30060/100gb-of-secret-nsa-data-found-on-unsecured-aws-s3-bucket">100GB of secret NSA data found on unsecured AWS S3 bucket</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/data-breaches/354532/huge-data-leak-exposes-british-consultancy-firms-and-thousands-of" data-original-url="/security/data-breaches/354532/huge-data-leak-exposes-british-consultancy-firms-and-thousands-of">‘Huge’ data leak exposes British consultancy firms and thousands of consultants</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/29538/unsecured-aws-bucket-left-viacom-open-to-hackers" data-original-url="/security/29538/unsecured-aws-bucket-left-viacom-open-to-hackers">Unsecured AWS bucket 'left Viacom open to hackers'</a></p></div></div><p>The data in question had been collected between 2015 and 2018 and then stored on a public-facing S3 bucket that has remained dormant ever since, <a href="https://www.vpnmentor.com/blog/report-sennheiser-leak">according to experts at VPN reviews website vpnMentor</a>.</p><p>The data included customers' full names, email addresses, phone numbers, and home addresses, as well as the names of companies requesting hardware samples and the number of employees they had. 
At least 407,000 files, totaling 55Gb of data, were available.</p><p>"Sennheiser failed to implement any security measures on its S3 bucket, leaving the contents totally exposed and easily accessible to anyone with a web browser and technical skills," the researchers said.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="hqxjmaqbxyxnQ7e4kT2cXa" name="hqxjmaqbxyxnQ7e4kT2cXa.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/hqxjmaqbxyxnQ7e4kT2cXa.jpg" mos="https://cdn.mos.cms.futurecdn.net/hqxjmaqbxyxnQ7e4kT2cXa.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>The secure cloud configuration imperative</strong></p><p class="fancy-box__body-text">The central role of cloud security posture management</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/359672/the-secure-cloud-configuration-imperative" data-original-url="/cloud/359672/the-secure-cloud-configuration-imperative">FREE DOWNLOAD</a></p></div></div><p>The researchers discovered the exposed data on October 26, notifying Sennheiser two days later. Following a request for more information on November 1, the researchers sent the company the URL leading to the unsecured server along with examples of the types of information they had been able to lift. 
The company then locked the server down a few hours later.</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="high" data-lazy-src="https://www.youtube-nocookie.com/embed/iEFMuuXpmTs" allowfullscreen></iframe></div></div><p>VpnMentor said that if anyone had accessed the exposed data, they could have used it for identity theft, enabling them to perpetrate tax, insurance, mortgage, and credit card fraud. They could also have sent <a href="https://www.itpro.com/security/phishing" data-original-url="https://www.itpro.com/search/phishing">phishing emails</a> to victims impersonating Sennheiser in order to source an even greater trove of personal information.</p><p>S3 is the storage layer supporting AWS services, and can be configured to be accessible from the public internet or to be private. However, it remains up to customers to make sure the buckets are configured correctly.</p><p>Exposing data in misconfigured S3 buckets is a common problem for AWS customers. In August, consumer ratings and review website SeniorAdvisor <a href="https://www.itpro.com/data-insights/big-data/360525/data-breach-exposes-details-on-millions-of-us-seniors" data-original-url="https://www.itpro.com/data-insights/big-data/360525/data-breach-exposes-details-on-millions-of-us-seniors">exposed over three million</a> US seniors' personal data via the cloud-based service. 
In June 2020, vpnMentor also <a href="https://www.itpro.com/security/data-breaches/356082/niche-dating-apps-expose-almost-1tb-of-user-data" data-original-url="https://www.itpro.com/security/data-breaches/356082/niche-dating-apps-expose-almost-1tb-of-user-data">discovered sensitive files</a> from at least 100,000 users across multiple dating sites in exposed S3 storage.</p><p>Amazon has attempted to mitigate the problem, which typically stems from human error, <a href="https://www.itpro.com/cloud/amazon-web-services-aws/354261/aws-plugs-leaky-s3-buckets-with-cloudknox-integration" data-original-url="https://www.itpro.com/cloud/amazon-web-services-aws/354261/aws-plugs-leaky-s3-buckets-with-cloudknox-integration">with a tool to spot misconfigured resources</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cloudflare takes aim at "exorbitant" AWS fees with R2 storage service ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-storage/361052/cloudflare-takes-on-aws-with-r2-storage-service</link>
                                                                            <description>
                            <![CDATA[ The internet giant wants developers to "keep developing" rather than worrying about their storage bills ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dKedSz3e9jRr7VVuXR2mQH</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NAKQLSDqVpjtoBgjdN4ttb-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 29 Sep 2021 10:14:28 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Cloud Storage]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                                    <dc:creator><![CDATA[ Bobby Hellard ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/bsR2tHSyVKUoyXZF5pNsDA.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NAKQLSDqVpjtoBgjdN4ttb-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                <media:description><![CDATA[Cloudflare's headquarters in San Francisco ]]></media:description>                                                            <media:text><![CDATA[Cloudflare's headquarters in San Francisco ]]></media:text>
                                <media:title type="plain"><![CDATA[Cloudflare's headquarters in San Francisco ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NAKQLSDqVpjtoBgjdN4ttb-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Internet giant <a href="https://www.itpro.com/security/phishing/361049/cloudflare-enters-the-email-security-business" target="_blank" data-original-url="https://www.itpro.com/security/phishing/361049/cloudflare-enters-the-email-security-business">Cloudflare</a> has made a bold pitch for enterprise customers with its new R2 object storage service. </p><p>Cloudflare claims the selling point of R2 is that it comes with no "outrageous" charges for migrating data to external services, pitting it directly against Amazon's dominant S3 service. </p><p>R2 Storage is designed for the edge, according to Cloudflare, and offers customers the ability to store large amounts of data and extract it for no additional cost. </p><p>In order to build websites and applications, developers need to store photos, videos, and graphics in easily accessible places, but that can become an expensive problem over time. 
AWS S3 is well known for its "egress" charges that can result in hefty bills over time, and Microsoft Azure and Google Cloud also implement similar fees for data migration.</p><p>However, both Azure and Google Cloud offer substantial discounts for their mutual Cloudflare customers, according to a Cloudflare blog from July.</p><p>"We agree that Amazon S3 has been a game changer for developers. With the deepest feature set and industry-leading scalability, data availability, security, and performance, customers are storing well over 100 trillion objects there today. While we can't comment on a product that has been announced but not released, we welcome competition generally across our businesses because we believe it is healthy and helps grow markets," an AWS spokesperson said.</p><p>Increasingly egregious bandwidth pricing has made cloud storage an expensive headache for some developers, and eventually leads to vendor lock-in, according to Cloudflare. As such, the company is making it its mission to help build a better internet by focusing on making it faster, safer, and also more affordable for everyone.</p><p>"Since AWS launched S3, cloud storage has attracted, and then locked in, developers with exorbitant egress fees," said Matthew Prince, co-founder and CEO of Cloudflare. "We want developers to keep developing, not worrying about their storage bill. </p><p>"Our aim is to make R2 Storage the least expensive, most reliable option for storing data, with no egress charges. I'm constantly amazed by what developers are building on our platform, and look forward to continued innovation as we expand the tools they have access to."</p><p>As well as entering the enterprise storage business, <a href="https://www.itpro.com/security/phishing/361049/cloudflare-enters-the-email-security-business" target="_blank" data-original-url="https://www.itpro.com/security/phishing/361049/cloudflare-enters-the-email-security-business">Cloudflare this week also announced its first foray into the email security industry</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Printing company exposes 343GB of sensitive military data ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-breaches/355056/vpnmentors-web-mapping-project-finds-more-exposed-military-files-via</link>
                                                                            <description>
                            <![CDATA[ The leak is the latest in a series of data blunders discovered by vpnMentor's web-mapping project ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4yX8XeEPNcY9LpTgh6uHpj</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6xwTpE9mkWmaQEpQtq4fUR-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 20 Mar 2020 11:57:45 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6xwTpE9mkWmaQEpQtq4fUR-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6xwTpE9mkWmaQEpQtq4fUR-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>UK printing company Doxzoo inadvertently exposed 343GB of data through a misconfigured Amazon Web Services (AWS) S3 bucket, including sensitive information said to relate to branches of the UK and US military.</p><p>Potentially more than 100,000 users were affected by the data leak, with approximately 270,000 records exposed including personal information and payment information, as well as order details, passport information, and the contents of printing orders.</p><p>Among the exposed data was the copyrighted and sensitive work of Doxzoo clients, who spanned from military personnel to screenwriters. <a href="https://www.vpnmentor.com/blog/report-doxzoo-leak" target="_blank">Researchers with vpnMentor</a>, led by Noam Rotem and Ran Locar, found a wide range of information including university course material, screenplays, and internal military documents, some of which contained classified information.</p><p>“The items contained this leak often hold private and/or confidential information within,” said vpnMentor’s research team. 
</p><p>“The promise of secure facilities and systems are key selling points for clients such as the military, and the breach of that guarantee is not only a failure in service, but also potentially holds a security risk along with it.”</p><p>The security firm has been finding pockets of exposed information for many months as part of a wider web-mapping project, and has recently detailed finding several alarming troves of exposed data.</p><p>These findings include a database of <a 
href="https://www.itpro.com/security/cyber-security/354246/millions-of-text-messages-leaked-through-exposed-truedialog-server" data-original-url="https://www.itpro.com/security/cyber-security/354246/millions-of-text-messages-leaked-through-exposed-truedialog-server">604GB of text messages run by US-based communications firm TrueDialog</a>, as well as sensitive information from <a href="https://www.itpro.com/security/data-breaches/354532/huge-data-leak-exposes-british-consultancy-firms-and-thousands-of" data-original-url="https://www.itpro.com/security/data-breaches/354532/huge-data-leak-exposes-british-consultancy-firms-and-thousands-of">British consultancy firms and consultants</a> such as passport scans and financial documents.</p><p>The firm previously <a href="https://www.itpro.com/security/34671/us-military-data-exposed-in-179gb-autoclerk-leak" data-original-url="https://www.itpro.com/security/34671/us-military-data-exposed-in-179gb-autoclerk-leak">discovered exposed US military data in October 2019</a> due to a flaw in a reservations management system owned by the Best Western hotel chain. 
Data on personnel working for the US Department for Homeland Security (DHS) and the military, including travel arrangements both past and future, was seen by researchers from vpnMentor.</p><p>The countries affected include not just the US and the UK, but clients in Sri Lanka, Nigeria and India, according to researchers. 
The UK-based printing company has a number of high-profile clients and projects, including full-length books and sought-after paid wellness plans.</p><p>Doxzoo could have avoided this leak if they had taken basic security measures to protect the S3 bucket, vpnMentor said, including securing their servers, implementing proper access rules, and preventing systems that don't need authentication from being accessed by the public through the internet.</p><p>The firm first discovered the exposed database on 22 January, before notifying the company four days later. Because Doxzoo didn’t respond to vpnMentor’s communication attempts, Amazon was notified on 5 February, and the bucket was finally closed on 11 February.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘Huge’ data leak exposes British consultancy firms and thousands of consultants ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-breaches/354532/huge-data-leak-exposes-british-consultancy-firms-and-thousands-of</link>
                                                                            <description>
                            <![CDATA[ Leaky S3 buckets held sensitive information including passport scans, personal details and financial documents ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">oFyj2eWvDqK23U8HXeCHuR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/yoMLGmZWdMQ2uCA6nsjpaS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 14 Jan 2020 15:09:55 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/yoMLGmZWdMQ2uCA6nsjpaS-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/yoMLGmZWdMQ2uCA6nsjpaS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Leaky servers exposed a wealth of personal and financial data held by British consultancy firms as well as thousands of professionals, ranging from expenses forms to personal names and addresses.</p><p>Thousands of sensitive files stored on an <a href="https://www.itpro.com/amazon-web-services-aws/34126/amazon-web-services-review-aws-packs-in-more-features-than-any-other" data-original-url="https://www.itpro.com/amazon-web-services-aws/34126/amazon-web-services-review-aws-packs-in-more-features-than-any-other">Amazon Web Services (AWS)</a> S3 bucket had been exposed for an indeterminate amount of time after a database was found to be completely unsecured and unencrypted.</p><p>The compromised files related to the respective HR departments of a host of consultancy firms, as well as thousands of workers whose data was held by these departments. </p><p>Most of the exposed data dates back to the 2014/15 financial year, with some files even going back to 2011, although <a href="https://www.vpnmentor.com/blog/report-chs-leak">researchers with vpnMentor</a>, who discovered the leaky database, insist the information exposed is still pertinent to cyber criminals. 
</p><p>“Given the nature of the files contained within the database, the information exposed is still relevant and could be used in many ways,” the researchers said.</p><p>“Had criminal hackers discovered this database, it would have been a <a href="https://www.itpro.com/security/28133/what-is-cyber-security" data-original-url="https://www.itpro.com/security/28133/what-is-cyber-security">goldmine for illicit activities and fraud</a>, with potentially devastating results for those exposed.”</p><p>The open S3 bucket was discovered on 9 December 2019 and shut down ten days later after AWS responded to the researchers. 
</p><p>The documents include, for instance, thousands of passport scans, tax documents, background checks, paperwork relating to business taxes, scanned contracts with signatures, as well as emails and private messages.</p><p>This is on top of a treasure trove of personally identifiable information such as full names, addresses, phone numbers, and email addresses, as well as immigration statuses, salary details and details of individual consultants’ fees.</p><p>Having identified the database owner as just ‘CHS’, the researchers traced this back to CHS Consulting, a London-based consultancy firm. However, the researchers couldn’t completely verify the ownership of the database because this company has no website.</p><p>The companies whose files were exposed include, but are not limited to, Dynamic Partners, Eximius Consultants Limited, Garraway Consultants, IQ Consulting, Partners Associates Ltd, Winchester Ltd, researchers with vpnMentor have claimed. A handful of these firms have been dissolved.</p><p>vpnMentor discovered the leak as part of a wider web-mapping project, in which port scanning is used to examine IP addresses and test open holes in systems for any potential weaknesses.</p><p>“Our team was able to access this AWS S3 bucket database because it was completely unsecured and unencrypted,” the researchers added. “The purpose of this web mapping project is to help make the internet safer for all users.</p><p>“As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. </p><p>“As we couldn’t reach out to the owner directly, we reached out to both the NCSC and Amazon, to let them know about the vulnerability but also to have them help us secure the data.”</p><p>The exposure of thousands of consultancy-related files is one of the first major data incidents of 2020, although it follows several similar leaks late last year. </p><p>The same team of researchers, for example, in December 2019 <a href="https://www.itpro.com/security/cyber-security/354246/millions-of-text-messages-leaked-through-exposed-truedialog-server" data-original-url="https://www.itpro.com/security/cyber-security/354246/millions-of-text-messages-leaked-through-exposed-truedialog-server">found a trove of millions of text messages leaked through an exposed Microsoft Azure server</a> owned by the US-based communications firm TrueDialog. 
</p><p>Highly sensitive data <a href="https://www.itpro.com/security/34671/us-military-data-exposed-in-179gb-autoclerk-leak" data-original-url="https://www.itpro.com/security/34671/us-military-data-exposed-in-179gb-autoclerk-leak">belonging to the US Department for Homeland Security (DHS) and the US military</a> to the tune of 179GB was also leaked through an unsecured AWS S3 bucket, discovered in September and closed on 2 October 2019.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Vodafone, Ford potentially targeted by Capital One hacker ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-breaches/34107/capital_one_data_breach</link>
                                                                            <description>
                            <![CDATA[ Slack messages reveal data breach could be far worse than previously thought ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mQDrMebNrwZjjFY93Av7Qo</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ijuHcSF4xvbMC7S8atDXWH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 01 Aug 2019 10:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ijuHcSF4xvbMC7S8atDXWH-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Capital One]]></media:description>                                                            <media:text><![CDATA[Capital One]]></media:text>
                                <media:title type="plain"><![CDATA[Capital One]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ijuHcSF4xvbMC7S8atDXWH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Research into the breach of Capital One's systems this week has suggested that a number of other major organisations could have also been hit by the same hacker.</p><p>Israeli firm CyberInt revealed that Vodafone, Ford, Michigan State University and the Ohio Department of Transportation were also mentioned alongside Capital One in communications sent by alleged hacker Paige Thompson, according to <em><a href="https://www.foxbusiness.com/technology/capital-one-and-many-others-victims-of-the-data-breach-reports-say" target="_blank">Fox Business</a>.</em></p><p>The former Amazon employee, going by the online alias 'erratic', is believed to have hacked into Capital One's systems that contained details belonging to over 100 million customers in the US and Canada.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/33242/the-equifax-effect-explaining-the-biggest-security-disaster-of-the-21st-century" data-original-url="/security/33242/the-equifax-effect-explaining-the-biggest-security-disaster-of-the-21st-century">The Equifax Effect: Explaining the biggest security disaster of the 21st century</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/34070/lancaster-university-hit-by-double-data-breach" data-original-url="/security/34070/lancaster-university-hit-by-double-data-breach">Lancaster University hit by double data breach</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cyber-security/33766/anu-confirms-mass-data-breach-spanning-19-years" data-original-url="/cyber-security/33766/anu-confirms-mass-data-breach-spanning-19-years">ANU confirms mass data breach spanning 19 years</a></p></div></div><p>"I wanna get it off my server that's why I'm archiving all of it lol... 
it's all encrypted," Thompson is quoted as saying in the communications.</p><p>One other member of the channel replied: "sketchy sh*t... don't go to jail plz".</p><p><a href="https://techcrunch.com/2019/07/31/capital-one-breach-vodafone-ford-researchers" target="_blank"><em>TechCrunch</em></a> contacted each of the affected companies, all of which were still investigating the matter but had no evidence that files had been accessed or stolen.</p><p>Thompson is said to have disclosed her exploits to members of a public Slack channel, along with a list of targeted companies. She is also said to have posted proof on a GitHub page that was linked to her identity, in addition to a number of Twitter posts.</p><p>"Had the perpetrator followed a responsible disclosure process, such as the one published by Capital One and used to report the location of the breached files, then she might not be facing these criminal charges and we as consumers might have avoided yet another instance of our personal data becoming available for public consumption," said Tim Mackey, principal security strategist, Synopsys Cybersecurity Research Center, speaking to <em>IT Pro</em>.</p><p>The data breach, which affected 106 million individuals in North America, is arguably 2019's most significant one yet and one that could develop further as the other affected companies conclude their internal investigations.</p><p><strong>30/07/2019: Capital One suffers data breach affecting 100m customers</strong></p><p>Capital One bank suffered a data breach on Monday which affected over 100 million customers in the US and Canada.</p><p>The bank was hacked via a misconfigured web application and the suspect is believed to be a 33-year-old former Amazon software engineer named Paige Thompson.</p><p>According to current estimates, 140,000 social security numbers had been leaked in the breach, along with 80,000 linked bank account numbers. 
Phone numbers and credit scores were also leaked but the hacker failed to access credit card numbers.</p><p>Around six million Canadian customers were affected in the breach, around one million of which saw their social insurance numbers compromised.</p><p>"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," <a href="http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043" target="_blank">said Richard D. Fairbank</a>, Chairman and CEO at Capital One. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."</p><p>According to a complaint filed in the District Court for the Western District of Washington at Seattle, Thompson posted details of the hack on her GitHub page, which was linked to her real name, before a user saw the files and notified the bank.</p><p>Capital One said it acknowledged the hack on 19 July and it's believed the hack lasted for longer than five months between 12 March and 17 July.</p><p>"According to the available reports about this breach, it appears that the vector of exploitation was a misconfigured data bucket accessible over the internet from a public IP address," said Alexander Heid, chief research officer at SecurityScorecard.</p><p>"An unauthorized hacker had siphoned out information from the buckets using system commands that would normally have been blocked, and posted the results to various outlets - such as code repositories, chat rooms, and social networks," he added.</p><p>Capital One is a major bank and provider of credit cards in the US and Canada and it also has a presence in the UK as a credit card issuer.</p><p>Last week, credit reporting agency <a href="https://www.itpro.com/security/34064/125-equifax-compensation-application-now-open" target="_blank" data-original-url="https://www.itpro.com/security/34064/125-equifax-compensation-application-now-open">Equifax was fined $700 
million</a> for its catastrophic 2017 <a href="https://www.itpro.com/data-breaches/32926/almost-60000-data-breaches-reported-since-may" target="_blank" data-original-url="https://www.itpro.com/data-breaches/32926/almost-60000-data-breaches-reported-since-may">data breach</a> which saw around 147 million customers affected, 15 million of which were British. Information that was leaked during the attack included social security numbers, driver's license details, email addresses, phone numbers and partial credit card information.</p><p>"Compared to Equifax, this breach does not appear to have had anywhere near the same amount of impact," said Heid. "While there were hundreds of millions of records leaked, only a small percentage of those records contained social security information or banking information and there is no indication at this time that the data was distributed beyond the identified individuals."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Thousands of sites fall to Magecart 'spray and pray' attack ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/exploits/34009/thousands-of-sites-fall-to-magecart-spray-and-pray-attack</link>
                                                                            <description>
                            <![CDATA[ In another case of misconfigured Amazon S3 buckets, attackers will likely make a decent ROI despite low success rate ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hQQY5Wycq5V6XPyPYfJBq8</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/jWnuzcKeWFi2KScQUxT57N-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 12 Jul 2019 10:51:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/jWnuzcKeWFi2KScQUxT57N-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[binary on a screen with words 'hacking attack']]></media:description>                                                            <media:text><![CDATA[binary on a screen with words 'hacking attack']]></media:text>
                                <media:title type="plain"><![CDATA[binary on a screen with words 'hacking attack']]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/jWnuzcKeWFi2KScQUxT57N-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>More than 17,000 domains have been compromised in an attack launched by the prolific hacking group Magecart, according to attack surface management firm RiskIQ.</p><p>The attack preys upon websites with leaky Amazon S3 buckets, an attack method seen all too often despite them now being protected by default. The researchers said that anyone with an AWS account could read or write files in the affected buckets.</p><p>The attackers scanned the web for misconfigured buckets to see if they had any JavaScript files they could download and add their skimming code to, overwriting the script on the bucket.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cyber-attacks/31992/british-airways-ticketmaster-and-newegg-hacks-part-of-massive-magecart" data-original-url="/cyber-attacks/31992/british-airways-ticketmaster-and-newegg-hacks-part-of-massive-magecart">British Airways, Ticketmaster and Newegg hacks part of massive Magecart formjacking campaign</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/29907/aws-adds-default-encryption-to-leaky-s3-buckets" data-original-url="/security/29907/aws-adds-default-encryption-to-leaky-s3-buckets">AWS adds default encryption to leaky S3 buckets</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/28133/what-is-cyber-security" data-original-url="/security/28133/what-is-cyber-security">What is cyber security?</a></p></div></div><p>Magecart was trying to run scripts on websites to glean and make off with payment information that can then be sold on for profit. 
It wasn't just smaller websites affected by the attack; some of the 17,000+ compromised websites fell into the top 2,000 Alexa rankings.</p><p>The problem with the attacker's methodology is that this type of skimming attack rarely works on payment pages of websites, which makes the chance of a successful attack low compared to a more considered, targeted approach.</p><p>But the Magecart group could still enjoy "a substantial return on investment" due to the range of the attack. "The ease of compromise that comes from finding public S3 buckets means that even if only a fraction of their skimmer injections returns payment data, it will be worth it," <a href="https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets" target="_blank">said Yonathan Klijnsma</a>, threat researcher at RiskIQ, in a blog post.</p><p>"Perhaps most importantly, the widespread nature of this attack illustrates just how easy it is to compromise a vast quantity of websites at once with scripts stored in misconfigured S3 buckets," he added. 
"Without greater awareness and an increased effort to implement the security controls needed to protect the content stored in these buckets from theft or alteration by malicious attackers, there will be more and more impactful attacks using techniques similar to the ones outlined in this blog."</p><p>Exploiting misconfigured Amazon S3 buckets is a common attack method used time and again by opportunistic cyber criminals.</p><p>Earlier in the year, Facebook apps Cultura Colectiva and At the Pool became <a href="https://www.itpro.com/data-protection/33386/third-party-facebook-app-leaked-540m-user-records-on-aws-server" target="_blank" data-original-url="https://www.itpro.com/data-protection/33386/third-party-facebook-app-leaked-540m-user-records-on-aws-server">victims of a similar attack</a>, with the cyber criminals making off with 540 million records, including users' names, IDs and comments made through Facebook's social integration.</p><p>"Like any other security procedure, security policies are a good mechanism for protecting the access to your S3 Bucket, but it needs to be used the right way," said Boris Cipot, senior security engineer at Synopsys. "It has to be understood, and the user needs to know what they are doing when applying those policies to their buckets.</p><p>"Unfortunately, misconfigured policies then can lead to examples like those where the attacker can identify buckets with those misconfigured policies and modify the content on them," he added. 
"Every user should have a good understanding of what they're doing, but if this is not possible, leave it to professionals that know how to handle security.</p><p>"On the other hand it would be nice to see if Amazon could make a policy screening functionality where they could identify such misconfigured policies and warn the user or in some cases even forbid the usage of loose policies."</p><p>Other notable examples of devastating attacks made possible by leaky buckets include the leak of data belonging to 120 American households <a href="https://www.itpro.com/security/30189/experian-data-on-120-million-users-found-in-leaky-aws-bucket" target="_blank" data-original-url="https://www.itpro.com/security/30189/experian-data-on-120-million-users-found-in-leaky-aws-bucket">by Experian</a>. The NSA, WWE and Accenture also suffered similar attacks.</p><p>The future looks bright, however. <a href="https://www.itpro.com/data-breaches/33733/exposed-business-data-rises-by-50-to-23-billion-files" target="_blank" data-original-url="https://www.itpro.com/data-breaches/33733/exposed-business-data-rises-by-50-to-23-billion-files">According to reports</a>, since Amazon enabled encryption for buckets by default, the number of exposed files has plummeted to less than 2,000 whereas the number was in the region of 16 million beforehand.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ AWS launches Textract tool capable of reading millions of files in a few hours ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/amazon-web-services-aws/33736/aws-launches-textract-tool-capable-of-reading-millions-of-files-in-a</link>
                                                                            <description>
                            <![CDATA[ The machine learning-powered tool promises to be the most accurate for scalping data ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">227LeiSXcADSQz9zpVmrfj</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5ki6b4uP8KB2vbiVTXN6V6-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 30 May 2019 11:17:00 +0000</pubDate>                                                                                                                                <updated>Tue, 30 Jul 2024 15:05:23 +0000</updated>
                                                                                                                                            <category><![CDATA[Public Cloud]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                <author><![CDATA[ connor.jones@futurenet.com (Connor Jones) ]]></author>                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs.&lt;/p&gt;
&lt;p&gt;Connor has previously written for the likes of Red Bull Esports and UNILAD, before a lengthy stint at ITPro. He has a master’s degree in Magazine Journalism from one of the UK’s leading journalism departments at the University of Sheffield, as well as an undergraduate degree in English Language from Sheffield Hallam University.&lt;/p&gt;
&lt;p&gt;When he’s not hitting the phones trying to squeeze stories out of sources and press offices, in his free time Connor studies software development, is a keen cook, and enjoys leading an active life through cycling, hiking, racket sports, and weightlifting.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5ki6b4uP8KB2vbiVTXN6V6-1280-80.jpg">
                                                            <media:credit><![CDATA[AWS]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[AWS logo on black background]]></media:description>                                                            <media:text><![CDATA[AWS logo on black background]]></media:text>
                                <media:title type="plain"><![CDATA[AWS logo on black background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5ki6b4uP8KB2vbiVTXN6V6-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>AWS has said that its Textract tool, designed to extract and translate data between files, is now generally available for all customers.</p><p>The tool, which is a machine learning-driven feature of its cloud platform, lets customers autonomously extract data from documents and accurately convert it into a usable format, such as exporting contractual data into database forms.</p><p>The fully-managed tool requires no machine learning knowledge to use and works in virtually any document. Industries that work with specific file types such as financial services, insurance and healthcare will also be able to plug these into the tool.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/open-source/32703/aws-launches-documentdb-in-a-blow-to-open-source" data-original-url="/open-source/32703/aws-launches-documentdb-in-a-blow-to-open-source">AWS launches DocumentDB in a blow to open source</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/33504/apple-spends-30m-a-month-on-aws" data-original-url="/cloud/33504/apple-spends-30m-a-month-on-aws">Apple spends $30m a month on AWS</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/33340/oracle-cuts-staff-count-as-it-tries-to-keep-pace-with-aws" data-original-url="/cloud/33340/oracle-cuts-staff-count-as-it-tries-to-keep-pace-with-aws">Oracle cuts staff count as it tries to keep pace with AWS</a></p></div></div><p>Textract aims to expedite the laborious data entry process that is also often inaccurate when using other third-party software. 
Amazon claims it can accurately <a href="https://www.cloudpro.co.uk/business-intelligence/7914/how-big-data-will-change-our-lives" target="_blank">analyse millions of documents in "just a few hours</a>".</p><p>"Many companies extract text and data from files such as contracts, expense reports, mortgage guarantees, fund prospectuses, tax documents, hospital claims, and patient forms through manual data entry or simple OCR software," the company said.</p><p>"This is a time-consuming and often inaccurate process that produces an output requiring extensive post-processing before it can be put in a format that is usable by other applications," it added.</p><p>Textract takes data from scanned files stored in <a href="https://www.cloudpro.co.uk/cloud-essentials/public-cloud/8021/third-party-facebook-app-leaked-540m-user-records-on-aws-server" target="_blank">Amazon S3 buckets</a>, reads them and returns data in JSON text annotated with the <a href="https://www.itpro.com/business-operations/productivity/368058/how-to-start-page-numbering-from-a-specific-page-in">page number</a>, section, form labels, and data types.</p><p>PwC is already using the tool for its pharmaceutical clients, an industry that commonly uses processes that involve Food and Drug Administration (FDA) forms that would otherwise require hours to complete, according to Siddhartha Bhattacharya, director lead, healthcare AI at PwC.</p><p>"Previously, people would manually review, edit, and process these forms, each one taking hours," he said. 
"Amazon Textract has proven to be the most efficient and accurate OCR solution available for these forms, extracting all of the relevant information for review and processing, and reducing time spent from hours down to minutes."</p><p>The Met Office is another organisation that plans to implement Textract, making use of old weather records.</p><p>"We hope to use Amazon Textract to digitise millions of historical weather observations from document archives," said Philip Brohan, climate scientist at the Met Office. "Making these observations available to science will improve our understanding of climate variability and change."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Third-party Facebook app leaked 540m user records on AWS server ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-protection/33386/third-party-facebook-app-leaked-540m-user-records-on-aws-server</link>
                                                                            <description>
                            <![CDATA[ Data trove thought to have been shared prior to Facebook's policy reforms ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nNPCbRPYumxcAnbYDRfZbe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2nfzMZShfYbH3YKutFX7uC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 04 Apr 2019 11:04:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2nfzMZShfYbH3YKutFX7uC-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Facebook phone app]]></media:description>                                                            <media:text><![CDATA[Facebook phone app]]></media:text>
                                <media:title type="plain"><![CDATA[Facebook phone app]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2nfzMZShfYbH3YKutFX7uC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Facebook's heavily criticised app integration system has led to more than 146GB worth of data being left publicly exposed on AWS servers owned and operated by third-party companies.</p><p>It's believed 540 million records relating to Facebook accounts were stored on the servers, including comments, likes, reactions, names and user IDs, obtained when users engaged with applications on the platform - the same methods unearthed during the investigation into <a href="https://www.itpro.com/policy-legislation/30887/why-cambridge-analytica-could-be-this-decades-enron" target="_blank" data-original-url="https://www.itpro.com/policy-legislation/30887/why-cambridge-analytica-could-be-this-decades-enron">Cambridge Analytica</a>.</p><p>Two apps have been associated with the data hoard so far: Cultura Colectiva, a Mexico-based media company that promotes content to users in Latin America, and At the Pool, a service that matched users with other content, which has been out of operation since 2016.</p><p>At the Pool is said to have held 22,000 passwords for its service in plaintext alongside columns relating to Facebook user IDs - the fear being that many users may have been using the same password for their Facebook accounts.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/29019/three-million-wwe-fan-accounts-exposed-online" data-original-url="/security/29019/three-million-wwe-fan-accounts-exposed-online">Three million WWE fan accounts exposed online</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/29694/accenture-exposes-137gb-of-client-data-on-unsecured-aws-buckets" data-original-url="/security/29694/accenture-exposes-137gb-of-client-data-on-unsecured-aws-buckets">Accenture exposes 137GB of client data on unsecured AWS buckets</a> <a data-analytics-id="inline-link" 
href="https://www.itpro.com/policy-legislation/32211/facebook-fined-500000-for-cambridge-analytica-data-scandal" data-original-url="/policy-legislation/32211/facebook-fined-500000-for-cambridge-analytica-data-scandal">Facebook fined £500,000 for Cambridge Analytica data scandal</a></p></div></div><p>Both of the apps' datasets were stored in <a href="https://www.cloudpro.co.uk/leadership/risks/7058/unsecured-aws-bucket-left-viacom-open-to-hackers" target="_blank">Amazon S3 buckets</a> which were found to be misconfigured to allow public download of the files. Despite the buckets being commonly used among businesses, as they allow data to be distributed across servers in a wide geographical area, there have been multiple incidents involving companies failing to adequately safeguard their data.</p><p>Facebook condemned the practices of both the apps. "Facebook's policies prohibit storing Facebook information in a public database," said a Facebook spokesperson. "Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."</p><p>AWS was made aware of the exposed data on 28 January 2019, following an alert issued by security research firm UpGuard. AWS confirmed it had received the report and was investigating it, but the data was only secured on Wednesday this week.</p><p>"AWS customers own and fully control their data," an AWS spokesperson told <em>IT Pro</em>. 
"When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here."</p><p>This statement aligns with UpGuard's in that the researchers alerted Cultura Colectiva before AWS on 10 January 2019 but have still yet to receive a response from the company.</p><p><a href="https://www.itpro.com/security/29694/accenture-exposes-137gb-of-client-data-on-unsecured-aws-buckets" target="_blank" data-original-url="https://www.itpro.com/security/29694/accenture-exposes-137gb-of-client-data-on-unsecured-aws-buckets">Accenture</a>, <a href="https://www.itpro.com/security/30189/experian-data-on-120-million-users-found-in-leaky-aws-bucket" target="_blank" data-original-url="https://www.itpro.com/security/30189/experian-data-on-120-million-users-found-in-leaky-aws-bucket">Experian</a>, <a href="https://www.itpro.com/security/29019/three-million-wwe-fan-accounts-exposed-online" target="_blank" data-original-url="https://www.itpro.com/security/29019/three-million-wwe-fan-accounts-exposed-online">WWE</a>, and the <a href="https://www.itpro.com/security/30060/100gb-of-secret-nsa-data-found-on-unsecured-aws-s3-bucket" target="_blank" data-original-url="https://www.itpro.com/security/30060/100gb-of-secret-nsa-data-found-on-unsecured-aws-s3-bucket">NSA</a> have all been found to have stored data on unsecured AWS servers in recent years, with the problem becoming so prevalent that hackers have started <a href="https://www.itpro.com/amazon-web-services-aws/30567/buckhacker-search-tool-lets-users-trawl-through-unsecure-aws-buckets" target="_blank" data-original-url="https://www.itpro.com/amazon-web-services-aws/30567/buckhacker-search-tool-lets-users-trawl-through-unsecure-aws-buckets">creating tools specifically designed to target these buckets</a>.</p><p>"While Amazon S3 is secure by default, we offer the flexibility to change our default 
configurations to suit the many use cases in which broader access is required, such as building a website or hosting publicly downloadable content," said AWS. "As is the case on-premises or anywhere else, application builders must ensure that changes they make to access configurations are protecting access as intended."</p><p>The news coincides with an article published in <em>The Washington Post</em> in which Facebook's Mark Zuckerberg called for a worldwide GDPR' and greater regulation on the data protection principles of big tech outside the EU, despite the company itself facing <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/33111/facebook-is-subject-to-10-major-gdpr-investigations" target="_blank" data-original-url="https://www.itpro.com/general-data-protection-regulation-gdpr/33111/facebook-is-subject-to-10-major-gdpr-investigations">10 major GDPR investigations</a>.</p><p>The discovery of the data has once again raised the issue of Facebook's data sharing policies, something that facilitated the improper sharing of user data for political purposes by Cambridge Analytica. This prompted Facebook to change its sharing policies to restrict access by third-parties, although the fear is that data troves such as this have already been widely shared.</p><p>"Cambridge Analytica was the most high profile case that led to some significant changes in how Facebook interacts with third-party developers, but I suspect there are many troves of Facebook data sitting around where they shouldn't be, including this one," said privacy advocate Paul Bischoff of Comparitech.com.</p><p>"Even though Facebook has limited what information third-party developers can access, there's still nothing Facebook can do about abuse or mishandling until after the fact," he said.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ User error: Businesses expose 1.5bn sensitive files ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-breaches/30898/user-error-businesses-expose-15bn-sensitive-files</link>
                                                                            <description>
                            <![CDATA[ Exposed confidential information is roughly 4,000 times larger than the Panama Papers leak ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">oUQ2QLcXvQsKb2NcFXTjZU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ps2kTQsAVXV9nkqyxy9eob-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 06 Apr 2018 10:50:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ps2kTQsAVXV9nkqyxy9eob-1280-80.jpg">
                                                                                                                                                                                                                                    <media:description><![CDATA[breach]]></media:description>                                                            <media:text><![CDATA[breach]]></media:text>
                                <media:title type="plain"><![CDATA[breach]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ps2kTQsAVXV9nkqyxy9eob-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>More than 1.5 billion sensitive corporate and consumer files, including payroll details and intellectual property data, are publicly exposed, according to cybersecurity company Digital Shadows.</p><p>Over the first three months of 2018, researchers at the firm detected publicly accessible files amounting to 12,000 terabytes of data hosted across Amazon Web Services (AWS) S3 buckets, rsync sites, server message block (SMB) and file transfer protocol (FTP) servers, Misconfigured Websites (WebIndex), and web-connected NAS drives, detailing their findings in a report titled <a href="https://info.digitalshadows.com/FileSharingDataExposureResearch-HomePage.html" target="_blank">Too Much Information</a>.</p><p>For scale, the volume of data is roughly 4,000 times the size of 2016's Panama Papers leak.</p><p>The files are mostly stored in storage drives or buckets that are unencrypted and open to the public, meaning anyone with the correct URL could access these documents, despite many containing people's personal information, something the EU's <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR data protection legislation</a> will be able to punish with huge potential fines when the rules come into force next month.</p><p>Digital Shadows CISO Rick Holland said: "The volume of this sensitive data exposure should be a major cause for concern for any security and privacy conscious organisation.
In addition, with GDPR fast-approaching, there are clear regulatory implications for any organisation with EU citizen data."</p><p>Following numerous high-profile breaches from companies mistakenly storing private information in public S3 buckets, <a href="http://www.cloudpro.co.uk/leadership/risks/7160/aws-adds-default-encryption-to-leaky-s3-buckets" target="_blank">AWS introduced the option to enable default encryption</a> for its cloud storage last November. But as recently as February, <a href="https://www.itpro.com/security/30564/fedex-locks-down-unsecured-amazon-s3-server-that-leaked-customer-data" target="_blank" data-original-url="https://www.itpro.com/security/30564/fedex-locks-down-unsecured-amazon-s3-server-that-leaked-customer-data">FedEx locked down an unsecured S3 server</a> following the exposure of data belonging to more than 119,000 citizens from around the world. And Digital Shadows found S3 buckets still accounted for 6.5% of the exposed data it discovered this year.</p><p>But at 33%, the largest share of the exposed files was found on unencrypted SMB servers, followed by those stored on file-sync rsync sites (28%) and transferred using FTP servers (26%).
Payroll (707,960) and tax return (64,048) files were the most commonly exposed employee data.</p><p>Moreover, Digital Shadows found a significant portion of intellectual property data at risk, with the cybersecurity company discovering, for example, a patent summary for renewable energy in a document marked "strictly confidential".</p><p>In another instance, a document containing proprietary source code submitted as part of a copyright application was found, including code outlining the design and workflow of a site providing Electronic Medical Records (EMR) software, as well as details of the application.</p><p>Confidential information on members of the public also appeared, with 14,687 files listing people's contact information and 4,548 documents identifying healthcare patients, as well as files including transactional information and some credit card data.</p><p>"While we often hyper-focus on responding to adversaries conducting intrusions into our environments and silently exfiltrating our data, we aren't focusing on our external
digital footprints and the data that is already publicly available via misconfigured servers," Holland said.</p><p>US firms had the highest number of leaked files, accounting for more than 239 million (16.3%), while the European Union as a whole made up more than 537 million files (36.5%). More than 64 million files were found to be exposed in the UK, while Germany and France together amassed more than 238 million exposed files.</p><p>Digital Shadows urged organisations to increase user training and awareness to combat the issue in the long term, but the report also offered tips to help organisations mitigate their risk of inadvertent exposure.</p><p>For users of FTP and SMB servers and rsync sites, Digital Shadows recommended using a password and disabling guest or anonymous access, as well as firewalling the port off from the internet and whitelisting the IPs permitted to access the resource.</p><p>Although S3 buckets can be encrypted by default, Digital Shadows recommends AWS users <a href="https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources" target="_blank">understand how to do so</a>, while Misconfigured Websites (WebIndex) users are advised to disable directory listings unless required, and NAS drive users can add a password and disable guest or anonymous access, as well as opt for NAS devices that are secured by default.</p><p><em>Picture credit: Bigstock</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 100GB of secret NSA data found on unsecured AWS S3 bucket ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/30060/100gb-of-secret-nsa-data-found-on-unsecured-aws-s3-bucket</link>
                                                                            <description>
                            <![CDATA[ The data related to a failed NSA cloud collaboration project ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9LXeGpcpPk9NsiPpBS9FhR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SqKEWgGvLCoVy67jqodyEM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 29 Nov 2017 11:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Adam Shepherd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/3n2BoLAtRj8Z5eRfxtwyK8.jpg ]]></dc:source>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SqKEWgGvLCoVy67jqodyEM-1280-80.jpg">
                                                            <media:credit><![CDATA[Big Stock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Bucket leaking water]]></media:description>                                                            <media:text><![CDATA[Bucket leaking water]]></media:text>
                                <media:title type="plain"><![CDATA[Bucket leaking water]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SqKEWgGvLCoVy67jqodyEM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The NSA has been hit by yet another data leak, as over 100GB of sensitive, classified data was exposed through shoddy security practices.</p><p>The leak came from a virtual copy of a hard drive belonging to US Intelligence and Security Command (INSCOM), an intelligence organisation operating within both the US Army and the NSA.</p><p>The virtual disk image was discovered by UpGuard cyber risk research director Chris Vickery on an unprotected public Amazon S3 server, meaning that anyone who knew the web address where the data was stored could freely access it.</p><p>Unsecured S3 buckets are a frequent cause of embarrassing data breaches for many companies and government organisations.
The personal details of <a href="https://www.itpro.com/security/29071/two-million-dow-jones-customer-details-exposed-via-cloud" target="_blank" data-original-url="https://www.itpro.com/security/29071/two-million-dow-jones-customer-details-exposed-via-cloud">two million Dow Jones customers</a> were exposed in a similar fashion earlier this year, as were customers of <a href="https://www.itpro.com/security/29694/accenture-exposes-137gb-of-client-data-on-unsecured-aws-buckets" target="_blank" data-original-url="https://www.itpro.com/security/29694/accenture-exposes-137gb-of-client-data-on-unsecured-aws-buckets">Accenture</a> and the <a href="https://www.itpro.com/security/29019/three-million-wwe-fan-accounts-exposed-online" target="_blank" data-original-url="https://www.itpro.com/security/29019/three-million-wwe-fan-accounts-exposed-online">WWE</a>.</p><p>"Regrettably, this cloud leak was entirely avoidable," UpGuard said in <a href="https://www.upguard.com/breaches/cloud-leak-inscom" target="_blank">a blog post</a> announcing the discovery, "the likely result of process errors within an IT environment that lacked the procedures needed to ensure something as impactful as a data repository containing classified information not be left publicly accessible."</p><p>"Plainly put, the digital tools needed to potentially access the networks relied upon by multiple Pentagon intelligence agencies to disseminate information should not be something available to anybody entering a URL into a web browser," the post said. 
"Although the UpGuard Cyber Risk Team has found and helped to secure multiple data exposures involving sensitive defense intelligence data, this is the first time that clearly classified information has been among the exposed data."</p><p>The drive in question contained a trove of data related to a US military project codenamed 'Red Disk', a failed cloud collaboration and content sharing platform designed to let field troops access real-time intelligence data from the Pentagon, including satellite and drone imagery.</p><p>The drive also included hashed passwords for internal systems, as well as private keys belonging to third-party INSCOM defence contractors for accessing "distributed intelligence systems". Multiple areas of the drive were marked 'Top Secret', with some sections even bearing the 'NOFORN' designation, indicating that they were to be kept secret even from the US government's foreign intelligence allies.</p><p><em>IT Pro</em> has reached out to the NSA to ask why the appropriate protections were not taken, and will update this piece when we hear back.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>