Why are these things called buckets?
Small business loans app blamed as 500,000 financial records leak out of ... you guessed it, an open S3 bucket
A now-defunct mobile app for loaning money to small business owners has been pinned down as the source of an exposed archive containing roughly 500,000 personal and business financial records. The research team at vpnMentor said it traced an exposed database of financial records back to a former Android/iOS app called MCA …
-
Wednesday 18th March 2020 16:50 GMT Pascal Monett
Ok, the lesson to learn here . .
. . is that it is time to stop trusting small startups with your private data.
Yeah, I know, that is going to put a crimp on startups that propose money. In the meantime, we need a certification that proves that the startup knows what security is and knows how to manage cloud accounts.
I know, I'm dreaming. Just don't trust financial startups that don't have a banking charter.
-
Wednesday 18th March 2020 20:27 GMT Snake
Re: Ok, the lesson to learn here . .
It's quite sad, really. When I set up (our) S3 bucket, obscure as some of the optional configurations were, I made it a point to go through them, learn what they did, and set accordingly. As a result my bucket was 'Can be public' from Day 1 of the privacy testing tools rollout, a decent setting.
So some "tech" support, with far more responsibilities and (supposedly) far more training than me, yet far less real-world intelligence, pushes a few buttons and stamps "Done!" to the project. If they are assigning the project to the PFY then they only have themselves to blame for not following up on assurance; if the BOFH is causing these muck-ups then one must, frankly, question their compensation levels.
