Laminar Labs has released a new research report focused on public facing cloud storage buckets — such as AWS S3 buckets. The report most notably found that 21% of scanned publicly facing cloud storage buckets contained personally identifiable information (PII). The majority of this data was actually misplaced data.
The types of PII found included credit scores, loan details, names, driver’s license numbers, emails, addresses, and more.
Some of the examples of data included crypto wallet address as well — ethereum address and bitcoin address information and block card email address.
Gali Lazarovsky, Data Analyst, Laminar Labs, provided context as to why this is a danger to both consumers and organizations: “Because this data contains such highly sensitive information as loan details, bitcoin addresses and conversations about unemployment benefits, we believe that this data has the potential to put the organizations to whom the information belongs at risk. Organizations cannot properly protect data they do not know is exposed. And in the shared responsibility model, keeping this data secure is the responsibility of the organization that owns the buckets in which the data resides. Fortunately, there are ways to uncover and address this risk.”
In order to protect their data organizations should be looking at implementing dedicated data security posture management solutions — ideally a solution that can discover unknown and known data across public buckets.