back to article McGraw Hill's S3 buckets exposed 100,000 students' grades and personal info

Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students' information as well as the education publishing giant's own source code and digital keys, according to security researchers. The research team at vpnMentor said they discovered the open S3 buckets on June 12, and contacted …

  1. PhoenixKebab
    FAIL

    Published but unread

    That's not much of an endorsement of the AWS Security books that they publish.

  2. Potemkine! Silver badge

    It's not the first time this happens. Shouldn't these buckets be secured by default?

    == Bring us Dabbsy back! ==

    1. Anonymous Coward
      Anonymous Coward

      They ARE secure by default with only the private owner account having access - adding public access requires permissions to be granted by an administrator.

      However a combination of the JFDI approach to problem solving and admins assuming they are JUST granting filesystem permissions and something else will manage security (i.e. the typical on-prem model) means mistakes are made.

  3. John H Woods

    They should be ...

    ... and they are.

    Just create yourself a free AWS account and then create one if you don't believe me.

    1. David 140

      Re: They should be ...

      Yeah, but I don't think that was the case a few years ago. And if the buckets were created then___

      1. Mike 137 Silver badge

        Re: They should be ...

        "There's a hole in my bucket, dear Liza, dear Liza..."

        A common problem is that client side devs disable the security to get their applications working, and then neglect to enable it again before they go live. Sometimes, they develop applications that won't even work with security enabled.

  4. Gene Cash Silver badge

    "could face enforcement actions"

    Good. That's the only way these people will start paying attention to security.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like