Top 5 AWS Misconfigurations That Led to Data Leaks in 2021 | Spiceworks (2023)

2021 witnessed a series of headline-grabbing data leaks that occurred as a result of AWS misconfigurations. Let’s take a look at some of the top data leaks in 2021 along with tips from experts on how organizations can prevent misconfigurations in their AWS environments.

As organizations continue to invest in digital transformation, AWS is becoming an ever more crucial facet. Companies roll out new workloads constantly, using installations in several regions and relying on multiple AWS services. Recent data reveals a significant increase in dependence on AWS services and accompanying security failings among many organizations.

Growing complexity and danger have inevitably resulted from the expansion of AWS services. In fact, in the previous 12 months, research from Vectra indicated that every company surveyed had at least one security issue in its public cloud environment. Client misconfiguration is the fundamental cause of over 99% of cloud breaches. The Vectra research revealed the following blind spots:

    • Before moving to production, 30% of the surveyed organizations had no official sign-off.
    • 40% of respondents claim they don’t have a DevSecOps workflow in place.
    • According to 71% of organizations, ten or more employees may change the whole architecture in their AWS settings, opening up a slew of attack avenues for hackers.

Top AWS Misconfigurations in 2021 That Led to Data Leaks

From the U.S. Department of Defense to Silicon Valley tech giants and beyond, anyone can fall prey to misconfigured S3 buckets. Failing to properly secure AWS environments may result in the compromise of enterprise and customer data. Misconfigurations are becoming more common in the cloud, and enterprises must first understand the fundamental causes of S3 breaches and vulnerabilities. Otherwise, they may face the same fate as some organizations did in 2021.

See More: Game Streaming Leader Twitch Hacked, 125 GB Sensitive Data Leaked

(Video) Scale your AWS best-practice assessment with Cloud One - Conformity

The Cosmolog Kozmetik data leak

In June this year, a famous Turkish beauty brand, Cosmolog Kozmetik, suffered a leak in its Amazon S3 bucket. Thousands of Excel spreadsheets from a 20GB trove disclosed the personal details of 567,000 unique individuals who made purchases from the supplier across numerous e-commerce platforms. While no payment details were compromised, the research team obtained clients’ complete names, physical addresses, and compromised purchase data. Contact information and emails were also disclosed in certain circumstances.

Misconfigured S3 buckets led to data breaches in more than 80 US municipalities

In July, WizCase discovered unsecured Amazon S3 buckets containing data from more than 80 US locales, predominantly in New England. The misconfigured S3 buckets included more than 1,000GB of data and more than 1.6 million files. Residents’ actual addresses, telephone numbers, IDs, and tax papers were all exposed due to the attack. According to the researchers, it was impossible to quantify the number of inhabitants exposed due to the enormous amount and variety of unique papers.

Misconfigured S3 bucket exposed 50k patient records

In February, security researchers at Comparitech discovered over 50,000 data records on two publicly available AWS S3 buckets that lacked any form of password protection or authentication.

Sergio Louriro, the cloud security director at Outpost24, opined, “At first glance, it seems an almost classical mistake of a misconfigured system that should not have been accessible over the internet. Unfortunately, data leak is something we see all too frequently. A cloud service that is brought up for probably all the right reasons, but security is completely forgotten in the process.”

He further said, “As public clouds become so easy and cost effective to spin up, mistakes are easily made with shadow IT and by those without cloud security knowledge. Before connecting any system to the internet, ask yourself the questions: what are we putting in the cloud and are the data sensitive? Then make sure your security team knows about it and make use of cloud security posture management (CSPM) tools as a baseline to harden your cloud services.”

Three million senior citizens’ info exposed by SeniorAdvisor

A security breach at SeniorAdvisor, a review website, compromised over three million elderly adults’ personal information in August. WizCase researchers observed that a misconfigured Amazon S3 bucket exposed details including individuals’ names, numbers, and email addresses. The information pertained to those who were designated as prospects or potential clients. Around 2,000 ‘scrubbed’ reviews were also discovered in which the user’s private information had been deleted or altered.

(Video) A Live Demo of a Cloud Misconfiguration Breach.

Defunct Company left S3 bucket exposed to public access

A New York-based digital marketing company, Reindeer, which was out of business, left its Amazon S3 bucket open to the public, leading to the catastrophic leak of 50,000 files totaling 32 GB. The leak impacted 306,000 people who were customers of of numerous Reindeer clients such as the alcoholic beverage company ‘Patrón Tequila’ and the UK apparel brand ‘Jack Wills.’ Full names, physical locations, email addresses, phone numbers, and hashed passwords formed part of the leaked data.

See More: What Makes AWS Buckets Vulnerable to Ransomware and How to Mitigate the Threat

A Zero Tolerance Approach to Cloud Misconfigurations Is the Need of the Hour

As more data is being migrated to the cloud, the risk of cyber attacks on AWS’ S3 buckets has increased as well. A recent survey conducted by Ermetic found that organizations used cloud identities that, if compromised, would place at least 90% of the S3 buckets in an AWS account at risk. The research indicates that millions of organizations currently using S3 for data storage are vulnerable to ransomware attacks. The high possibility of exposure to even simple ransomware operations is a clear call for cloud security stakeholders to take mitigating steps.

“It does not take much effort for outsiders to find unsecured databases and access sensitive information. There are now tools designed to detect abusable misconfigurations within IT assets like ElasticSearch databases. Because of these tools (and the continued carelessness of companies in cybersecurity), abusing misconfigurations has grown in popularity as an attack vector across all industries, said Anurag Kahol, CTO Bitglass.

“Such vulnerabilities can pose major threats to data security, data subject wellbeing, regulatory compliance, and brand reputation. Even companies with limited IT resources must take full responsibility for securing user data – there is no excuse for negligent security practices such as leaving databases exposed. As such, they must turn to flexible, cost-effective solutions that can prevent data leakage; for example, cloud access security brokers (CASBs) that boast features like cloud security posture management (CSPM), data loss prevention (DLP), user and entity behaviour analytics (UEBA), and encryption of data at rest. It is only with these types of capabilities that an enterprise can be certain that its data is truly safe.”

Jon Helmus, a manager of pentest community at Cobalt, points out two most common causes of AWS S3 bucket misconfigurations and how businesses and IT teams should combat them:

(Video) Infrastructure as Code (IaC) Misconfigurations

1. Keep S3 data private (not public)

Accessing a very complex AWS environment and not understanding the cloud environment’s security guidelines pose many risks. It is possible, and not uncommon, for a user to generate an insecure S3 bucket entirely unknowingly. Organizations should consider training their security engineers in cloud assessments or instituting internal pentest teams that regularly assess the cloud to combat these issues.

2. Opting for usability over security

Security should trump usability, especially when it comes to AWS S3 buckets. Executive leadership and key project decision-makers must keep in mind and prioritize the critical nature of budgeting time for cybersecurity planning from the very beginning.

See More:

Conclusion: Fixing Misconfigurations Takes Time; Organizations Must Act Now

In its recent Cloud Cyber Resilience Report, cloud native security solutions provider Accurics said that of all security risks identified in cloud native environments, as many as 23% corresponded to poorly configured managed service offerings – largely the result of default security profiles or configurations that offered excessive permissions.

(Video) AWS re:Invent 2021 - Security should start left: The problem with shift left

“Cloud native apps and services are more vital than ever before, and any risk in the infrastructure has critical implications,” said Accurics co-founder, CTO & CISO Om Moolchandani. “Our research indicates that teams are rapidly adopting managed services, which certainly increase productivity and maintain development velocity.

“However, these teams unfortunately aren’t keeping up with the associated risks – we see a reliance on using default security profiles and configurations, along with excessive permissions. Messaging services and FaaS are also entering a perilous phase of adoption, just as storage buckets experienced a few years ago. If history is any guide, we’ll start seeing more breaches through insecure configurations around these services.”

According to Accurics, 48% of security risks identified in cloud native environments arose due to the widespread use of insecure defaults. In a majority of instances, organizations made improper use of the default namespace- where system components run- thereby giving attackers access to system components or secrets. “Protecting cloud infrastructure requires a fundamentally new approach that embeds security earlier in the development lifecycle and maintains a secure posture throughout,” the firm said.

“The cloud infrastructure must be continuously monitored in runtime for configuration changes and assessed for risk. In situations where configuration change introduces a risk, the cloud infrastructure must be redeployed based on the secure baseline; this will ensure that any risky changes made accidentally or maliciously are automatically overwritten. With new attacks emerging and ongoing risks continuing to plague organizations, cloud cyber resilience is now more important than ever, and configuration hygiene is critical.”

As far as fixing cloud misconfigurations is concerned, Accurics said many organizations have failed to spot or remediate simple misconfigurations for years. For instance, an organization configured a S3 bucket incorrectly at the time it was added to the environment in 2015. Also, a configuration change made five months later to fix a problem was not properly reset once the work was complete. This drift went undetected and unaddressed until it was exploited nearly five years later.

While fixing infrastructure misconfigurations takes around 25 days on average, the most critical portions of the infrastructure often take the most time to fix. Fixing misconfigurations in load-balancing services, for instance, takes an average of 149 days to fix. Considering these realities, organizations must take immediate steps to discover misconfigurations in their cloud native environments, prioritize remediation efforts, and educate their workforce on cloud security practices.

(Video) Fantastic AWS Hacks and Where to Find Them

Is your organization prepared to combat security related issues in its AWS environment? Let us know on LinkedIn, Twitter, or Facebook. We would love to hear from you!


What are the top 3 biggest data breaches so far in 2021? ›

The biggest data breaches of 2021
  • Comcast (1.5 billion)
  • Brazilian resident data leak (660 million)
  • Facebook (533 million)
  • LinkedIn (500 million)
  • Bykea (400 million)
20 Jan 2022

Did Amazon have a data breach 2021? ›

Otherwise, the most recent known Amazon data breach happened on October 6, 2021, when an unknown hacker leaked sensitive data pertaining to Twitch, a streaming service owned by Amazon.

What is the most common way for data to get leaked? ›

The 8 Most Common Causes of Data Breach
  • Weak and Stolen Credentials, a.k.a. Passwords. ...
  • Back Doors, Application Vulnerabilities. ...
  • Malware. ...
  • Social Engineering. ...
  • Too Many Permissions. ...
  • Insider Threats. ...
  • Physical Attacks. ...
  • Improper Configuration, User Error.

How many breaches are caused by misconfiguration? ›

A Gartner survey found that misconfigurations cause 80% of all data security breaches.

What are the top 3 biggest data breaches so far in 2022? ›

Top 10 Data Breaches So Far in 2022
  • Crypto Theft. The attack took place on January 17th and targeted nearly 500 people's cryptocurrency wallets. ...
  • Microsoft Data Breach. ...
  • 3. News Corp Server Breach. ...
  • Red Cross Data Breach. ...
  • Ronin Crypto Theft. ...
  • FlexBooker Data Breach. ...
  • GiveSendGo Political Data Breach. ...
  • Cash App Data Breach.
12 Oct 2022

What are the two top main reasons for the cyber breaches in 2021? ›

Here's a short list of major causes for data breaches:
  • Cause #1: Old, Unpatched Security Vulnerabilities. ...
  • Cause #2: Human Error. ...
  • Cause #3: Malware. ...
  • Cause #4: Insider Misuse. ...
  • Cause #5: Physical Theft of a Data-Carrying Device.

Which company data leaked this year 2022? ›

Twitter suffered a data breach of 5.4 million accounts after threat actors built a database of phone numbers and email addresses.

What was the first major data breach? ›

What was the first data breach? 2005 is the year of the first data breach to compromise more than 1 million records (DSW Shoe Warehouse; March 2005; 1.4 million credit card numbers and names on those accounts).

When was the last time AWS was hacked? ›

The most recent known Amazon Web Services (AWS) breach happened in May 2022, when a security firm identified over 6.5 terabytes of exposed information on servers belonging to Pegasus Airlines.

What is the biggest cause of data breaches? ›

Criminal hacking—it's what causes the majority of data breaches. These are planned attacks by cybercriminals always looking to exploit computer systems or networks. Some common techniques include phishing, password attacks, SQL injections, malware infection, and DNS spoofing.

What are the 3 types of personal data breach? ›

Personal data breaches can include:
  • access by an unauthorised third party;
  • deliberate or accidental action (or inaction) by a controller or processor;
  • sending personal data to an incorrect recipient;
  • computing devices containing personal data being lost or stolen;
  • alteration of personal data without permission; and.

What is the most common cause for data breaches of cloud hosted data? ›

Weak and stolen credentials

Stolen passwords are one of the simplest and most common causes of data breaches. Far too many people rely on predictable phrases like 'Password1' and '123456', which means cyber criminals don't even need to break into a sweat to gain access to sensitive information.

What is the biggest threat to cloud? ›

Misconfiguration. In VMware's 2021 State of Cloud Security report, 1 in 6 companies surveyed experienced a cloud data breach due to a misconfiguration in the past year. Researchers elsewhere found that, of all cloud services, cloud storage has one of the highest misconfiguration rates.

How can cloud Misconfigurations be prevented? ›

Granting outbound access to RDP or SSH is a common cloud misconfiguration. Application servers seldom have to SSH to other network servers, so it's unnecessary to use open outbound ports for SSH. Make sure you limit the outbound port access and use the least privilege principle to restrict outbound communications.

How do you solve cloud Misconfiguration? ›

In our experience as threat management specialists, the best way to deal with Cloud misconfiguration is to use security posture tools. Many security posture tools deal with Public Cloud environments but not SaaS environments.

What are the most hacked websites? ›

Biggest Data Breaches in 2021
  • 1. Facebook. Date: March 2021. Impact: 533,000,000 user records. ...
  • Syniverse. Date: September 2021. Impact: 500,000,000 user records. ...
  • Power Apps from Microsoft. Date: August 2021. Impact: 38,000,000 records. ...
  • Amazon Vendors. Date: May 2021. ...
  • Pandora Papers. Date: October 2021.

What company has been hacked recently? ›

In June 2022, Michigan-based Flagstar Bank notified customers of a data breach in which hackers stole the social security numbers of 1.5 million customers. The attack itself occurred in early December 2021, and Flagstar discovered the breach in early June 2022.

Why are there so many data leaks? ›

In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.

› resource-center › definitions ›

Since many people are unaware of how common modern security threats work, they don't give it enough attention. In this article, we'll explain data breac...
Data breaches take time and a lot of effort to pull off, but successful breaches can affect not just organizations, but also millions of people. Learn what a da...
If your organisation is to successfully defend against from cyber security risks, you need to know what to look out for. Take a look at the 6 biggest risks.

What companies had a data breach in 2021? ›

Top 10 Data Breaches of 2021
  • Facebook. Data of millions of Facebook users was compromised in April 2021. ...
  • Microsoft Exchange. Four zero-day vulnerabilities were identified in on-premises Microsoft Exchange Servers, resulting in this compromise. ...
  • Pixlr. ...
  • LinkedIn. ...
  • Neiman Marcus Group. ...
  • T Mobile US. ...
  • ParkMobile. ...
  • Cognyte.
1 Feb 2022

How many data breaches were in 2021? ›

There were 1,864 data breaches in 2021, according to the Identity Theft Resource Center. That's an increase of 68% from the previous year.

Who has been hacked recently 2021? ›

This makes Facebook one of the recently hacked companies 2021, and therefore, one of the largest companies to be hacked in 2021. All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.

What are the most recent data breaches? ›

Top 5 Recent High-Profile Company Data Breaches in 2022
  1. Uber: September 2022. ...
  2. Plex: August 2022. ...
  3. Ronin: April 2022. ...
  4. GiveSendGo Breach: February 2022. ...
  5. Breach: January 2022.


1. Avoiding Common Cloud Misconfigurations That Could Lead to Security Breaches with Trend micro
(Angelbeat Seminars)
2. AWS Cloud Security & Compliance
(Angelbeat Seminars)
3. Simulating Cloud Misconfiguration Attacks: S3 Exploits on AWS (Webinar)
(Fugue, Inc.)
4. Cybersecurity Investment Trends | Market Size, Data Breaches, Ransomware, Cloud Data Security
(Simply Explained)
5. Learning from AWS (Customer) Security Breaches with Rami McCarthy
(OWASP DevSlop)
6. How to Implement Top 10 AWS Security Best Practices in 2021?
(Cloud Guru)
Top Articles
Latest Posts
Article information

Author: Ms. Lucile Johns

Last Updated: 04/11/2023

Views: 6105

Rating: 4 / 5 (41 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Ms. Lucile Johns

Birthday: 1999-11-16

Address: Suite 237 56046 Walsh Coves, West Enid, VT 46557

Phone: +59115435987187

Job: Education Supervisor

Hobby: Genealogy, Stone skipping, Skydiving, Nordic skating, Couponing, Coloring, Gardening

Introduction: My name is Ms. Lucile Johns, I am a successful, friendly, friendly, homely, adventurous, handsome, delightful person who loves writing and wants to share my knowledge and understanding with you.