If you use Amazon AWS S3 – you had better read this little post…

Your Amazon S3 Account is not locked – Oh no!
How To “Hack” Millions of Amazon S3 Accounts In 14 Seconds or Less…
I want to share a security gap that an amazing number of internet marketers are blissfully ignorant about. In summary – if you are using Amazon S3 to store your data – IT NEEDS TO BE LOCKED! If this is you – then read on – and do contact me with questions if that helps you.
So – you are going to purchase a digital product – or are even just curious about a competitor. You could just buy it – but first – is it available for free because they are storing it in an unsecured Amazon S3 bucket?
This is how you tell. In a Google search box type the likely name of the bucket – I usually just put the website name – the part before .com. Then in the same box type s3.amazonaws.com and press go. If there is no security – the Google search results will show a file or two from the bucket. Highlight the web address of the bucket, paste it into a browser, and S3 answers with an XML listing of everything stored there (each file name appears inside a <Key> element). Every file listed can then be downloaded just by adding its name onto the end of the URL you are at. For example a file might be called bigexpensivesecretreport.pdf – just copy and paste that onto the end: yourwebname.s3.amazonaws.com/bigexpensivesecretreport.pdf and it will download. (A bucket that is locked returns an AccessDenied error at that same address instead of a listing.)
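The check described above, written out as a small Python script. This is an added example and not part of James's post: it fetches the bucket root with no credentials (the same anonymous request a browser makes), then parses whatever S3 returned to tell an open listing from an AccessDenied or NoSuchBucket error and to build the direct download URL for each exposed key. The bucket name yourwebname and the two XML responses at the bottom are constructed for illustration; they were not captured from a real bucket. Use probe_bucket() only against buckets you own or are authorised to test.

```python
"""Anonymous check for a publicly listable S3 bucket.

probe_bucket() does the live unauthenticated GET; classify_listing() parses
the response so the same logic can be exercised offline on the constructed
samples at the bottom of this file.
"""
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Namespace S3 puts on ListBucketResult documents (error documents have none).
S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"


def object_url(bucket, key):
    """Build the download URL the post describes: bucket address + '/' + key.

    Bucket names containing dots do not match S3's wildcard TLS certificate
    in the virtual-hosted form, so those fall back to path-style URLs.
    """
    encoded = quote(key, safe="/")
    if "." in bucket:
        return f"https://s3.amazonaws.com/{bucket}/{encoded}"
    return f"https://{bucket}.s3.amazonaws.com/{encoded}"


def classify_listing(bucket, body):
    """Interpret the XML body returned by an anonymous GET on the bucket root.

    Returns a dict with:
      status    -- 'public-listing', 'access-denied', 'no-such-bucket',
                   'error:<Code>' for other S3 errors, or 'unknown'
      keys      -- object keys exposed by the listing (first page only)
      urls      -- direct download URLs for those keys
      truncated -- True when S3 reports more keys than it returned
    """
    result = {"status": "unknown", "keys": [], "urls": [], "truncated": False}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return result  # HTML, empty body, or a non-S3 endpoint

    if root.tag == "Error":
        code = root.findtext("Code", default="")
        known = {"AccessDenied": "access-denied", "NoSuchBucket": "no-such-bucket"}
        result["status"] = known.get(code, f"error:{code}")
        return result

    if root.tag == S3_NS + "ListBucketResult":
        result["status"] = "public-listing"
        truncated = root.findtext(S3_NS + "IsTruncated", default="false")
        result["truncated"] = truncated.strip().lower() == "true"
        for contents in root.findall(S3_NS + "Contents"):
            key = contents.findtext(S3_NS + "Key")
            if key:
                result["keys"].append(key)
                result["urls"].append(object_url(bucket, key))
    return result


def probe_bucket(bucket, timeout=10):
    """Fetch the bucket root with no credentials and classify the answer.

    S3 sends its <Error> document in the body of 403/404 responses, so the
    HTTPError body is parsed rather than discarded.
    """
    req = urllib.request.Request(object_url(bucket, ""),
                                 headers={"User-Agent": "s3-listing-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()
    return classify_listing(bucket, body)


# Constructed sample responses (not captured from a real bucket).
OPEN_LISTING = b"""<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>yourwebname</Name><Prefix></Prefix><Marker></Marker>
  <MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated>
  <Contents><Key>bigexpensivesecretreport.pdf</Key><Size>204800</Size></Contents>
  <Contents><Key>audio/lesson 1.mp3</Key><Size>5120000</Size></Contents>
</ListBucketResult>"""

DENIED = b"""<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>"""

if __name__ == "__main__":
    for name, body in (("yourwebname", OPEN_LISTING), ("lockedbucket", DENIED)):
        found = classify_listing(name, body)
        print(name, found["status"], *found["urls"], sep="\n  ")
```

A public-listing result means anyone on the internet can enumerate the bucket; an access-denied result only says listing is blocked, individual objects can still be public if their own ACLs allow it, so spot-check a known key with the same anonymous GET.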
Did you hear that, everyone who has an S3 account for your cloud storage? Try it.
I am NOT suggesting you wander around hacking/walking into people's S3 accounts – I am saying to check your security if you use Amazon S3 for data storage or sharing. If I have stumbled across this – there are likely thousands of others who also know.
I have tested a large number of accounts – and most have the doors open. MP3, pdf, wav, mp4, doc – everything is public.
Just thought you should know.
James

Versioning’s MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security. By default, all requests to your Amazon S3 bucket require your AWS account credentials. If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object: your AWS account credentials and a valid six-digit code and serial number from an authentication device in your physical possession. (Only the root credentials of the account that owns the bucket can turn MFA Delete on or off.) To learn more about enabling Versioning with MFA Delete, including how to purchase and activate an authentication device, please refer to the Amazon S3 Technical Documentation. Note that MFA Delete protects against deletion and against changes to the versioning state; it does nothing about the problem described above, which is a bucket ACL or bucket policy that grants anonymous list and read access. Those public grants have to be removed separately.
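How the MFA Delete setting is applied and verified through the S3 API, as an added example rather than text from Amazon's documentation. The helpers are hypothetical and take a boto3-style S3 client as a parameter, so the StubS3 class below (a constructed stand-in, not boto3) lets them run offline; against AWS you would pass boto3.client("s3") created from the bucket owner's root credentials. The account ID 123456789012 and the device name are placeholders. The one-shot PutBucketVersioning call sets Status=Enabled and MFADelete=Enabled together and carries the device serial plus current six-digit code in the MFA parameter, which becomes the x-amz-mfa header.

```python
"""Enable Versioning + MFA Delete on a bucket and confirm it took effect.

Hypothetical helpers written for this page. They accept any object with
boto3's put_bucket_versioning / get_bucket_versioning methods.
"""
import re

# x-amz-mfa value is "<device serial> <six digit code>"; the space is the
# separator, so the serial itself must not contain whitespace.
VIRTUAL_MFA_ARN = re.compile(r"^arn:aws:iam::\d{12}:mfa/[\w+=,.@/-]+$")


def mfa_argument(serial, code):
    """Build the MFA string, refusing malformed input before it reaches S3.

    Pass the code as a string: an int such as 012345 would lose its zero.
    """
    code = str(code)
    if not serial or any(c.isspace() for c in serial):
        raise ValueError("serial must be a virtual-MFA ARN or hardware device serial")
    if not re.fullmatch(r"\d{6}", code):
        raise ValueError("MFA code must be exactly six digits")
    return f"{serial} {code}"


def enable_mfa_delete(s3, bucket, serial, code):
    """Turn on versioning and MFA Delete in a single PutBucketVersioning."""
    return s3.put_bucket_versioning(
        Bucket=bucket,
        VersioningConfiguration={"Status": "Enabled", "MFADelete": "Enabled"},
        MFA=mfa_argument(serial, code),
    )


def mfa_delete_state(s3, bucket):
    """Return (versioning status, MFA Delete status) for the bucket.

    GetBucketVersioning omits both keys on a never-versioned bucket, which
    is equivalent to Disabled for our purposes.
    """
    resp = s3.get_bucket_versioning(Bucket=bucket)
    return resp.get("Status", "Disabled"), resp.get("MFADelete", "Disabled")


def mfa_delete_enforced(s3, bucket):
    """True only when versioning is Enabled (not Suspended) with MFA Delete on."""
    return mfa_delete_state(s3, bucket) == ("Enabled", "Enabled")


class StubS3:
    """Constructed stand-in for boto3's S3 client so the helpers run offline.

    It mimics the one rule that matters here: S3 rejects an MFADelete change
    that arrives without the x-amz-mfa header.
    """

    def __init__(self):
        self.config = {}

    def put_bucket_versioning(self, Bucket, VersioningConfiguration, MFA=None):
        if VersioningConfiguration.get("MFADelete") and not MFA:
            raise PermissionError("MFA Delete changes require the MFA parameter")
        self.config[Bucket] = dict(VersioningConfiguration)
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}

    def get_bucket_versioning(self, Bucket):
        return dict(self.config.get(Bucket, {}))


if __name__ == "__main__":
    s3 = StubS3()  # real use: import boto3; s3 = boto3.client("s3")
    serial = "arn:aws:iam::123456789012:mfa/root-account-mfa-device"  # placeholder
    print("before:", mfa_delete_state(s3, "yourwebname"))
    enable_mfa_delete(s3, "yourwebname", serial, "123456")
    print("after: ", mfa_delete_state(s3, "yourwebname"))
```

Once MFA Delete is on, a DeleteObject with a versionId, or any further PutBucketVersioning, fails unless the same MFA value is supplied, so keep the device with whoever holds the root credentials.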