Page 92 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018

Storing data remotely rather than locally offers huge advantages to both consumers and businesses; however, exposed S3 buckets are a constant in the news these days. Too many companies in the last year alone (FedEx, Alteryx, National Credit Federation, Verizon, Australian Broadcasting Corporation, Dow Jones, Deep Root Analytics, Robocent, Macy’s, Adidas, GoDaddy, SpyFone, etc.) have exposed the sensitive, personal information of hundreds of millions of people from around the world. This epidemic has seen the theft or loss of more than 9 billion data records in the last five years.



Examples of Misconfigured S3 Buckets

●  SpyFone, whose website hero header reads “Monitor Your Children with World’s #1 Parental Monitoring Software – Trusted by Parents Worldwide”, left the data of thousands of its customers—and the information of the children they were monitoring—exposed in an unprotected Amazon S3 bucket.


    According to Motherboard:

    “The data exposed included selfies, text messages, audio recordings, contacts, location, hashed passwords and logins, Facebook messages, and more.

    A security researcher found the data on an Amazon S3 bucket owned by SpyFone, and Motherboard was able to verify that the researcher had access to SpyFone’s monitored devices’ data by creating a trial account, installing the spyware on a phone, and taking some pictures. Hours later, the researcher sent back one of those pictures.

    The researcher said that the exposed data contained several terabytes of “unencrypted camera photos.”



●  GoDaddy, one of the world’s top domain name registrars with over 18 million customers, was discovered to have stored files containing detailed server information in an unsecured S3 bucket. According to the report from cybersecurity firm UpGuard, the exposed documents include high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios.

    Mallory Locklear of Engadget reported that UpGuard notified GoDaddy of the discovery shortly after uncovering the exposed storage bucket, but GoDaddy didn’t secure the information for over five weeks. When the researcher checked on the progress of his report during that time, he was told that such a delay is typical following security reports like this one.

    It seems in this instance that Amazon itself was the cause of the exposure. “The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer,” an AWS spokesperson told Engadget. “No GoDaddy customer information was in the bucket that was exposed. While Amazon S3 is secure by default and bucket access is





