A Search Tool That Allows Anyone To Access Cloud Documents

Uploaded on 2018-02-20 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

A website created by anonymous hackers has been launched that allows anyone to search for unsecured sensitive data stored in the cloud.

Buckhacker is a tool that trawls servers at Amazon Web Services (AWS), a popular cloud computing platform. AWS provides data storage to private firms, governments and universities, among others.

Exposed data has been found on it before, but Buckhacker makes searching for it much easier.

The name comes from the fact that AWS Simple Storage Servers (S3) are known as "buckets", this is the part of AWS that Buckhacker accesses.The BBC alerted Amazon to Buckhacker shortly after it went live, but the firm has yet to issue a statement on the matter.

Offline 'for maintenance'
Recently Buckhacker went offline "for maintenance", though it had previously been working allowing a number of cyber-security experts to explore it.

"We went online with the alpha version too early," said a Twitter account associated with the Buckhacker site.

Security expert Kevin Beaumont told the BBC: "It's a goldmine of stuff which shouldn't be public." He pointed to one example that appeared to be of encryption keys for a cloud customer at a different cloud computing service.

"S3 buckets have been a problem for years," added Mr Beaumont.

"The search engine is the first easy to access ways of looking inside them... companies are losing control of their data in the cloud."

BBC

You Might Also Read:

Microsoft Cloud Is Hosting US Spy Data:

In The House Or In The Cloud: Which Is More Secure?:

 

« Discover Your Inner Spy
Crypto-Mining Is A Growing Epidemic »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

Phoenix TS

Phoenix TS

Phoenix TS offers world-class management, computer, and IT security certification training courses.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

Crosscheck Networks

Crosscheck Networks

Crosscheck products allow you to test your APIs across different protocols and message formats with functional automation, performance, and security testing capabilities.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Inflexor Ventures

Inflexor Ventures

Inflexor Ventures is a technology focused venture capital firm that invests in early stage companies from seed to Series-A+ stages.

Resolvo Systems

Resolvo Systems

Resolvo is provides comprehensive security assessment and testing services in Asia.

Trisul Network Analytics

Trisul Network Analytics

Trisul helps organizations deploy full spectrum deep network monitoring which can serve as a single source of truth for performance monitoring, security analytics, threat detection and compliance.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

WillCo Tech

WillCo Tech

WillCo Tech works to enhance national security and force readiness for military and commercial enterprises with a suite of software capabilities surrounding the human element of cybersecurity.

Aberrant

Aberrant

A radically new approach to managing information security. Aberrant is the single pane of glass through which a security program can be viewed.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.