If you use Amazon AWS S3 accounts – you better read this little post…
Your Amazon S3 Account is not locked – Oh no!
How To “Hack” Millions of Amazon S3 Accounts In 14 Seconds or Less…
I want to share a security gap that an amazing number of internet marketers are blissfully ignorant about. In summary – if you are using Amazon S3 to store your data – IT NEEDS TO BE LOCKED! If this is you – then read on – and do contact me with questions if that can help you.
So – you are going to purchase a digital product – or are even just curious about a competitor. Could just buy it – but first – is it available for free because they are using Amazon S3?
This is how you tell. In a Google search box type the likely name that it would be called – I usually just put the website name – the part before .com. And then in the box type s3.amazon.aws.com, press go. If there is no security – Google search results will show a file or two from the account. Just highlight the web address of the account, paste it into a browser and the main page will open – and all the files will be available to download – just by copying the file name onto the end of the URL you are at. E.g. a file might be called bigexpensivesecretreport.pdf – just copy and paste that onto the end: yourwebname.s3.amazon.aws.com/bigexpensivesecretreport.pdf and it will download.
Did you hear that, everyone who has an S3 account for your cloud? Try it.
I am NOT suggesting you wander around hacking/walking into people's S3 accounts – I am saying to check your security if you use Amazon S3 for data storage or sharing. If I have stumbled across this – there are likely thousands of others who also know.
I have tested for a large number of accounts – and most have the doors open. MP3, pdf, wav, mp4, doc – everything is public.
Just thought you should know.
James
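
One way to run the "check your security" step on your own bucket, as an added example that is not part of the original post: it inspects a bucket ACL (in the shape the S3 GetBucketAcl API returns) and a bucket policy document for grants that let anyone list or read objects. The function names, the sample ACL and policy, and the placeholder bucket name are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Grantee URIs S3 uses for "everyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
READ_ACTIONS = ("s3:ListBucket", "s3:GetObject")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anyone(principal):
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)

def find_public_access(acl, policy_json=None):
    """Return findings for grants that let outsiders list or read the bucket."""
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who and grant.get("Permission") in ("READ", "FULL_CONTROL"):
            findings.append(f"ACL: {who} can list objects ({grant['Permission']})")
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        # Statements with a Condition are skipped here and need manual review.
        if (stmt.get("Effect") != "Allow" or stmt.get("Condition")
                or not _is_anyone(stmt.get("Principal"))):
            continue
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        for action in READ_ACTIONS:
            if any(fnmatchcase(action.lower(), p) for p in patterns):
                findings.append(f"Policy: anyone allowed {action}")
    return findings

# Constructed sample input for a hypothetical bucket (not real account data).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket-placeholder/*"}]})

if __name__ == "__main__":
    print("\n".join(find_public_access(SAMPLE_ACL, SAMPLE_POLICY)))
```

An empty result means neither document grants anonymous list or read access; any finding is a grant to remove, and turning on S3 Block Public Access for the bucket or account overrides such grants.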