Before the computer cloud was a thing, the term “leaky bucket” was most often used in reference to a business continually losing customers at a rate exceeding gains, or in the literal sense, something that makes a mess on your floor. In cloud terminology, it is simply information the public has access to they should not have, because it was not partitioned from the internet at large due to faulty configurations, weak policies, or intentional sabotage.
How big a problem is it becoming? According to Hackmageddon, the amazing cyber incident repository, of reported incidents so far in 2023, five terabytes of information and six million records have been leaked due to misconfigurations alone. One cloud provider even leads the way with leaky services, accounting for 45% (their market share is about 33%) of known incidents so far this year. Who is responsible for the leaks is another subject cybersecurity professionals love to debate, and it’s something that I plant to tackle another time. The Professional, Scientific and Tech Sector had 33% of those buckets, with Arts, Entertainment and Recreation a very distant second. In a bit of good news, Public Admin and Defense were near the very bottom of the number of leaky buckets so far this year.
Leaky Bucket Hall of Shame
Some of the more interesting ones according to Hackmaggedon are:
- International Spy Museum in Washington, D.C. accidentally exposed credit card authorization forms on a misconfigured S3 bucket.
- CommuteAir had a S. No Fly list exposed with over 1.5 million records of banned flyers and upwards of 250,000 ‘selectees’. This list was available on a hacker’s forum.
- University of Indiana leaked over 1.3 million files of student data containing information from a Beginning College Student Engagement Survey.
- The FIA World Endurance Championship (which is an international sports car racing organization based out of France) leaked Google Cloud storage buckets containing hundreds of passports, government issued IDs, and drivers licenses belonging to their drivers.
- Toyota exposed a whopping 2.1 million customer records that showed car location information of customers for the past 10 years.
Therefore, if you are now worried and want to check out your company exposure to the public for cloud contents, you might be able to find that information at https://buckets.grayhatwarfare.com/ . It is a Freemium site, which has pay options with multiple search and sorting abilities. It is a great security cross checking tool, especially if you can find and fix the problem before damaging exposure has taken place.