A new study from Mitiga, a cloud incident response business, reveals that several Amazon Relational Database Service (Amazon RDS) databases are leaking personally identifiable information (PII). Names, dates of birth, email addresses, phone numbers, marital status, information on rented cars, and even business logins are part of the leaked data.
“Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns,” researchers Ariel Szarf, Doron Karmi, and Lionel Saposnik said in a report.
Amazon RDS is a web service for setting up relational databases in the Amazon Web Services (AWS) cloud. It supports several database engines, including MariaDB, Oracle, PostgreSQL, MySQL, and SQL Server. The primary cause of the leaks is public RDS snapshots: a snapshot is a backup of the complete database environment operating in the cloud, and a public snapshot is accessible to all AWS accounts.
In its instructions, Amazon advises making sure that none of your personal information is included in a public snapshot before sharing it. When a snapshot is shared publicly, all AWS accounts can copy it and use it to build DB instances. The Israeli business said it discovered 810 snapshots that were publicly shared for varied amounts of time, ranging from a few hours to weeks, leaving them susceptible to exploitation by hostile actors. The study was performed from September 21, 2022, to October 20, 2022. More than 250 of the 810 snapshots remained visible for 30 days or more, suggesting they were probably forgotten.
Depending on the type of information revealed, adversaries could steal the data for financial gain or use it to gain a better understanding of an organization’s IT infrastructure, which might subsequently serve as a springboard for clandestine intelligence collection activities. To guard against the potential leak or abuse of sensitive data or any other security issue, it is strongly advised not to make RDS snapshots accessible to the general public. Where appropriate, it’s also advisable to encrypt snapshots.
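One way to check your own account against both recommendations, as an added example that is not from Mitiga's report or from AWS: the audit below flags manual snapshots whose `restore` attribute contains `all` (shared with every AWS account) and snapshots that are unencrypted. The snapshot names, the account ID and the 30-day staleness threshold are constructed for illustration, and `collect()` assumes a boto3 RDS client with read permissions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: threshold borrowed from the study's "30 days or more" figure.
STALE_AFTER = timedelta(days=30)

def is_public(attrs_result):
    """True if the 'restore' attribute lists 'all', i.e. any AWS account can copy it."""
    return any(a.get("AttributeName") == "restore" and "all" in a.get("AttributeValues", [])
               for a in attrs_result.get("DBSnapshotAttributes", []))

def audit(snapshots, attrs_by_id, now):
    """Return one finding per snapshot that is public and/or unencrypted."""
    findings = []
    for snap in snapshots:
        sid = snap["DBSnapshotIdentifier"]
        public = is_public(attrs_by_id.get(sid, {}))
        encrypted = snap.get("Encrypted", False)
        if encrypted and not public:
            continue  # nothing to report
        # Snapshot age is only a proxy: the API does not say when sharing started.
        stale = public and (now - snap["SnapshotCreateTime"]) >= STALE_AFTER
        findings.append({"id": sid, "public": public, "encrypted": encrypted, "stale": stale})
    return findings

def collect(rds):
    """Fetch manual snapshots and their attributes with a boto3 RDS client."""
    snaps = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        snaps.extend(page["DBSnapshots"])
    attrs = {}
    for s in snaps:
        resp = rds.describe_db_snapshot_attributes(DBSnapshotIdentifier=s["DBSnapshotIdentifier"])
        attrs[s["DBSnapshotIdentifier"]] = resp["DBSnapshotAttributesResult"]
    return snaps, attrs

# Constructed sample data in the shape the RDS API returns (not real snapshots).
NOW = datetime(2022, 10, 20, tzinfo=timezone.utc)
def _snap(sid, day, month, enc):
    return {"DBSnapshotIdentifier": sid, "Encrypted": enc,
            "SnapshotCreateTime": datetime(2022, month, day, tzinfo=timezone.utc)}
def _attrs(values):
    return {"DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": values}]}
SAMPLE_SNAPSHOTS = [_snap("orders-old", 10, 9, False), _snap("orders-new", 18, 10, False),
                    _snap("crm", 1, 10, True)]
SAMPLE_ATTRS = {"orders-old": _attrs(["all"]), "orders-new": _attrs(["111122223333"]),
                "crm": _attrs([])}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SNAPSHOTS, SAMPLE_ATTRS, NOW):
        print(finding)
```

Against a live account, call `audit(*collect(boto3.client("rds")), datetime.now(timezone.utc))`; a public finding is cleared by removing `all` from the snapshot's `restore` attribute with `modify_db_snapshot_attribute`.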