Amazon RDS Snapshots Expose Sensitive Data

By

Researchers have found leaks in the form of publicly shared Amazon RDS snapshots.

Amazon RDS, a cloud-based backup service, can leak personally identifiable information (PII) to the public Internet, reports Elizabeth Montalbano.

The vulnerability was found by the Mitiga Research Team, which discovered numerous Amazon RDS snapshots being shared publicly, Montalbano says. “Some of the exposures last for months, and some for just a short period of time, in both cases potentially allowing threat actors to take advantage,” the researchers noted in a recent blog post.

"These snapshots can be shared across different [Amazon Web Services] accounts – in or out of the on-premises organization, as well as AWS accounts that make the RDS snapshots publicly available," the researchers said. "With that, one might unintentionally leak sensitive data to the world, even if you use highly secure network configuration."

Read more at Dark Reading.

11/28/2022

Related content

comments powered by Disqus