AWS Discloses Security Incident Affecting S3 Buckets

Amazon Web Services (AWS) has disclosed a security incident involving misconfigured S3 buckets that may have exposed customer data. The company has notified affected customers and implemented additional safeguards.

What Happened

According to AWS, a configuration change in their S3 service inadvertently allowed unauthorized access to certain customer buckets. The issue affected:

Approximately 2,300 customer accounts
Data stored in the us-east-1 region
A window of approximately 4 hours

AWS Response

AWS has taken the following steps:

Reverted the configuration change
Notified all affected customers
Implemented additional access controls
Launched an internal investigation

What You Should Do

If you use AWS S3, we recommend:

Review your bucket access logs
Enable S3 Block Public Access
Implement bucket policies with least privilege
Enable CloudTrail logging

What Happened

According to AWS, a configuration change in their S3 service inadvertently allowed unauthorized access to certain customer buckets. The issue affected:

Approximately 2,300 customer accounts
Data stored in the us-east-1 region
A window of approximately 4 hours

AWS Response

AWS has taken the following steps:

Reverted the configuration change
Notified all affected customers
Implemented additional access controls
Launched an internal investigation

What You Should Do

If you use AWS S3, we recommend:

Review your bucket access logs
Enable S3 Block Public Access
Implement bucket policies with least privilege
Enable CloudTrail logging

AWS Discloses Security Incident Affecting S3 Buckets

What Happened

AWS Response

What You Should Do

TAGS

SHARE_THIS_ARTICLE

Enjoyed this article?

AWS Discloses Security Incident Affecting S3 Buckets

What Happened

AWS Response

What You Should Do

TAGS

SHARE_THIS_ARTICLE

Enjoyed this article?