New research from Mitiga, a cloud incident management business, reveals that several databases on Amazon RDS (Amazon Relational Database Service) disclosed personally identifiable information (PII).

Mitiga researchers Ariel Szarf, Doron Karmi, and Lionel Saposnik stated that “leaking PII in such a way provides a veritable mine trove for malicious attackers – either during the reconnaissance phase of the cyber death cycle or extortion ware/ransomware operations.”


Names, email accounts, mobile numbers, birth dates, relationship status, info on rented cars, and even business logins are included.

Relational databases can be established on the Amazon Web Services (AWS) cloud using Amazon RDS, a web service. Multiple database systems are supported, including MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server.

The primary cause of the leaks is public RDS snapshots: a snapshot is a backup of the complete database environment running in the cloud, and when it is marked public it is accessible to every AWS account.

Figure: extracted data

In its documentation, Amazon advises users to “be assured that nothing of your sensitive information has been included when publishing a snapshot as accessible.” Once a snapshot is public, any AWS account can copy it and create DB instances from it.


The Israeli firm said it discovered 810 snapshots that were publicly shared for varying lengths of time, ranging from several hours to a few weeks, which left them open to exploitation by attackers. The research was conducted from Sept 21, 2022, to Oct 20, 2022.

The Mitigation

About 250 of the 810 snapshots remained public for thirty days or more, indicating that they had probably been forgotten.

Depending on the type of data exposed, adversaries might steal the material for monetary gain or use it to better understand an organization’s IT infrastructure. This could subsequently serve as a springboard for covert intelligence-gathering activities.

To guard against this kind of leak, including abuse of sensitive information or other safety issues, it is strongly advised not to make RDS snapshots accessible to the general public. Where appropriate, it is also advisable to encrypt snapshots.
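One way to act on that advice is a periodic audit of your own account's manual snapshots. The script below is an added example, not Mitiga's research tooling or an AWS utility. It parses the response shapes of the RDS API calls DescribeDBSnapshots and DescribeDBSnapshotAttributes: a snapshot is shared with every AWS account when its "restore" attribute contains the value "all", and the Encrypted flag on the snapshot record shows whether it is encrypted at rest. The sample responses embedded in the block are constructed, not captured from a real account; the optional live path assumes boto3 is installed and that the caller's credentials are allowed to describe and modify snapshot attributes.

```python
"""Audit Amazon RDS manual snapshots for public sharing and missing encryption.

Added example; it mirrors the response structure of DescribeDBSnapshots and
DescribeDBSnapshotAttributes. Only manual snapshots can be shared or made
public, which is why the live path asks for SnapshotType="manual".
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class SnapshotFinding:
    snapshot_id: str
    public: bool          # shared with every AWS account ("all" in restore list)
    encrypted: bool       # Encrypted flag from the DBSnapshots record
    shared_with: List[str] = field(default_factory=list)  # explicit account IDs


def restore_values(attributes_result: dict) -> List[str]:
    """Return the 'restore' attribute values from a DBSnapshotAttributesResult.

    The value "all" means the snapshot is public; other entries are account IDs.
    """
    for attr in attributes_result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            return list(attr.get("AttributeValues", []))
    return []


def audit(snapshots: List[dict], attributes_by_id: Dict[str, dict]) -> List[SnapshotFinding]:
    """Classify each snapshot record using its matching attributes result."""
    findings = []
    for snap in snapshots:
        sid = snap["DBSnapshotIdentifier"]
        values = restore_values(attributes_by_id.get(sid, {}))
        findings.append(SnapshotFinding(
            snapshot_id=sid,
            public="all" in values,
            encrypted=bool(snap.get("Encrypted", False)),
            shared_with=[v for v in values if v != "all"],
        ))
    return findings


def remediation_calls(findings: List[SnapshotFinding]) -> List[dict]:
    """Keyword arguments for ModifyDBSnapshotAttribute that revoke public access."""
    return [
        {"DBSnapshotIdentifier": f.snapshot_id,
         "AttributeName": "restore",
         "ValuesToRemove": ["all"]}
        for f in findings if f.public
    ]


def live_audit(region_name: str = "us-east-1", revoke: bool = False) -> List[SnapshotFinding]:
    """Run the audit against a real account (assumes boto3 and valid credentials)."""
    import boto3  # imported here so the offline functions work without boto3
    rds = boto3.client("rds", region_name=region_name)
    snapshots: List[dict] = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        snapshots.extend(page["DBSnapshots"])
    attrs = {
        s["DBSnapshotIdentifier"]: rds.describe_db_snapshot_attributes(
            DBSnapshotIdentifier=s["DBSnapshotIdentifier"])["DBSnapshotAttributesResult"]
        for s in snapshots
    }
    findings = audit(snapshots, attrs)
    if revoke:
        for call in remediation_calls(findings):
            rds.modify_db_snapshot_attribute(**call)
    return findings


# Constructed sample responses (not from a real account): one forgotten public
# unencrypted snapshot, one shared with a single partner account, one private.
CONSTRUCTED_SNAPSHOTS = [
    {"DBSnapshotIdentifier": "prod-customers-2022-09", "Encrypted": False},
    {"DBSnapshotIdentifier": "staging-orders-2022-10", "Encrypted": True},
    {"DBSnapshotIdentifier": "hr-backup-2022-10", "Encrypted": True},
]
CONSTRUCTED_ATTRIBUTES = {
    "prod-customers-2022-09": {"DBSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": ["all"]}]},
    "staging-orders-2022-10": {"DBSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": ["123456789012"]}]},
    "hr-backup-2022-10": {"DBSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": []}]},
}

if __name__ == "__main__":
    for finding in audit(CONSTRUCTED_SNAPSHOTS, CONSTRUCTED_ATTRIBUTES):
        print(finding)
    print("revocations needed:",
          remediation_calls(audit(CONSTRUCTED_SNAPSHOTS, CONSTRUCTED_ATTRIBUTES)))
```

Running the block prints the classification of the three constructed snapshots; calling `live_audit(revoke=True)` performs the same audit against a real region and removes the "all" entry from any public snapshot, which is the same change the RDS console makes when a snapshot is switched from public back to private. Encryption is reported rather than fixed, because an unencrypted snapshot cannot be encrypted in place; it has to be copied with a KMS key and the original deleted.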