A Search Tool That Allows Anyone To Access Cloud Documents

A website created by anonymous hackers has been launched that allows anyone to search for unsecured sensitive data stored in the cloud.

Buckhacker is a tool that trawls servers at Amazon Web Services (AWS), a popular cloud computing platform. AWS provides data storage to private firms, governments and universities, among others.

Exposed data has been found on it before, but Buckhacker makes searching for it much easier.

The name comes from the fact that AWS Simple Storage Servers (S3) are known as "buckets", this is the part of AWS that Buckhacker accesses.The BBC alerted Amazon to Buckhacker shortly after it went live, but the firm has yet to issue a statement on the matter.

Offline 'for maintenance'
Recently Buckhacker went offline "for maintenance", though it had previously been working allowing a number of cyber-security experts to explore it.

"We went online with the alpha version too early," said a Twitter account associated with the Buckhacker site.

Security expert Kevin Beaumont told the BBC: "It's a goldmine of stuff which shouldn't be public." He pointed to one example that appeared to be of encryption keys for a cloud customer at a different cloud computing service.

"S3 buckets have been a problem for years," added Mr Beaumont.

"The search engine is the first easy to access ways of looking inside them... companies are losing control of their data in the cloud."

BBC

You Might Also Read:

Microsoft Cloud Is Hosting US Spy Data:

In The House Or In The Cloud: Which Is More Secure?:

 

« Discover Your Inner Spy
Crypto-Mining Is A Growing Epidemic »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

BooleBox

BooleBox

Boolebox is the innovative suite of enterprise data protection applications that preserve the integrity and confidentiality of data from any unauthorized access.

Fraugster

Fraugster

Fraugster provides the most precise anti-fraud solution for e-commerce businesses.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

Responsible Cyber

Responsible Cyber

Protect yourself with Responsible Cyber’s 360° platform, IMMUNE, arming you with comprehensive support for your business.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

Invary

Invary

Invary's expert Runtime Integrity solution, powered by NSA-licensed technology, verifies the security and confidentiality of your system.