A little-known fact is that many data breaches are the result of sloppy system administration, and the hackers know this. If banks routinely left their back doors open and provided a direct path to the safes, it would not take long before criminals were inside. But no one can imagine this ever happening. So why do so many sensitive, cloud-based databases make it easy for cyber criminals to steal information? It could be due to the rapid growth in cloud computing, or perhaps the shortage of skilled computer administrators, but what is not helping is the severe lack of cyber security professionals. This problem has to be addressed as a matter of urgency.
During the past year, there has been a surge in data breach reports involving Amazon S3 servers left accessible online, exposing private information from all sorts of companies and their customers. In almost all cases, the reason was that companies, through their staff, left Amazon S3 "buckets" configured to allow "public" access. This means that anyone with a link to the S3 server could access, view, or download its content. The problem is that most companies believe that if they are the only ones who know the database's URL, they are safe. This is not true. Attackers can obtain these URLs through MitM attacks on corporate networks, through accidental employee leaks, or by brute-forcing domains for hidden URLs.