"Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data"

New research from Mitiga, a cloud incident response company, reveals that hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing Personally Identifiable Information (PII). According to researchers, this kind of PII leakage presents threat actors with a potential gold mine, either for extortionware/ransomware campaigns or the reconnaissance stage of the cyber kill chain. Names, email addresses, phone numbers, dates of birth, marital status, information on rented cars, and even company logins are included in the leak. Relational databases can be set up in the Amazon Web Services (AWS) cloud using Amazon RDS. Various database engines are supported, including MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server. Public RDS snapshots, a feature that enables the creation of a backup of the entire database environment running in the cloud and is accessible by all AWS accounts, is the primary cause of the leaks. According to Amazon's documentation, users must ensure that none of their private information is present in the public snapshot before sharing it. When a snapshot is made publicly available, all AWS accounts have the ability to copy it and use it to build database instances. The researchers discovered 810 snapshots that were publicly shared for varying lengths of time, ranging from a few hours to weeks, making them susceptible to abuse by malicious actors. The research was conducted from September 21, 2022, to October 20, 2022. Over 250 of the 810 snapshots' backups were visible for 30 days or more, indicating that they were probably forgotten. This article continues to discuss the exposure of PII by hundreds of databases on Amazon RDS.

THN reports "Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data"