public mistakes lead to very public disclosures

News about the disclosure of RNC files is everywhere this week. But I just want to point to a comment thread about the topic over on Reddit. News like this is very watered down, usually, and we don’t get proper context due to lack of back-and-forth. Though, to be fair, UpGuard’s write-up is pretty thorough!

What’s the bottom-line deal? Data that should have been private was placed onto Amazon’s S3 cloud platform, and then made public without proper access control in place. Someone found it. Game over.

Mistakes (and it likely is just a mistake) like this are made all the time, but they usually get made behind the curtain of a private network. None of us hear about them, and they likely don’t get abused, or if they do, it’s found and fixed silently. But those mistakes made on the public cloud platforms becomes a very big deal. Get smurt about cloud security! Companies cannot treat data in the cloud with the same lack of care that they do with internal privileges and access.

Leave a Reply

Your email address will not be published.