Nearly six per cent of all Google Cloud buckets are vulnerable to unauthorised access due to misconfiguration issues, according to the latest research by Comparitech's cyber security team.
Buckets, in cloud storage, are the basic containers used to hold data. Everything that a user stores in cloud storage must be contained in a bucket. Admins can use these containers to organise their data and to control access to it. However, unlike folders and directories, buckets cannot be nested inside one another.
In a blog post published on Tuesday, Comparitech's Paul Bischoff revealed that their team recently attempted to search for open buckets on the web. They started by scanning the web using a tool which is easily available to admins but also to hackers.
In their web search, the researchers looked for Alexa's top 100 web domains, in combination with some common words, such as "db", "database", and "bak" used by admins when naming their buckets.
Through this web scan, the research team was able to discover 2,064 Google Cloud buckets in about 2.5 hours.
After analysing all 2,064 buckets, the researchers found that 131 of them (nearly 6 per cent) were misconfigured and vulnerable to unauthorised access.
According to Comparitech, the exposed data included nearly 6,000 scanned documents containing confidential information, such as passport details and birth certificates of children in India. A database belonging to a Russian web developer was also found that leaked the developer's chat logs and email server credentials.
Bischoff warns that uncovering exposed cloud databases on the internet is not a difficult job. In the case of Google Cloud Storage, there are naming guidelines that make open buckets easy to find. Such buckets can contain sensitive files, source code, credentials and databases, which can be illegally accessed by malicious actors.
According to Bischoff, admins can check if their bucket is exposed by using gsutil (Google's official command-line tool) or the BucketMiner tool to scan the web. Scanning for a company's name on Google and Amazon infrastructure will display some filenames, images, or other stats, suggesting whether the bucket is open.
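As an added example (not from Comparitech's post), one way an admin can act on the gsutil check is to save the output of `gsutil iam get gs://BUCKET` and flag any binding that grants a role to the public principals `allUsers` or `allAuthenticatedUsers`. The bucket name, accounts and policy below are constructed sample data.

```python
import json

# Principals that make a Cloud Storage IAM binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample in the JSON shape printed by `gsutil iam get gs://BUCKET`.
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.legacyBucketReader",
     "members": ["allAuthenticatedUsers", "user:admin@example.com"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:backup@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "CAE="
}
"""


def public_bindings(policy_json):
    """Return sorted (role, member) pairs that grant access to public principals."""
    policy = json.loads(policy_json)
    findings = []
    # A policy with no bindings at all has no "bindings" key.
    for binding in policy.get("bindings", []):
        role = binding.get("role", "<unknown role>")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((role, member))
    return sorted(findings)


def report(bucket, policy_json):
    """Build a short human-readable audit line for one bucket."""
    findings = public_bindings(policy_json)
    if not findings:
        return f"{bucket}: no public bindings"
    lines = [f"{bucket}: PUBLIC"]
    lines += [f"  {member} holds {role}" for role, member in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    # "gs://example-backups" is a hypothetical bucket name.
    print(report("gs://example-backups", SAMPLE_POLICY))
```

This covers the bucket's IAM policy only; on buckets without uniform bucket-level access, bucket and object ACLs can also grant public access and should be reviewed separately with `gsutil acl get`.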
Bucket misconfiguration issues are found on all cloud storage platforms, including Amazon and Microsoft.
Earlier this year, security researchers at vpnMentor discovered an unsecured database stored in an Amazon Web Services (AWS) S3 bucket containing information belonging to HR departments of various British consultancy firms.
The researchers said they were able to see all files stored in the database, including thousands of passport scans, tax documents, background checks, job applications, expense forms, scanned contracts, emails and salary details.
Research carried out by Rapid7 in 2013 revealed that one in six buckets on Amazon's S3 were misconfigured, leading to the exposure of business data to the public.