Amazon has some egg on its face today. It has been discovered that thousands of personal and business Amazon cloud accounts are completely public. So public that anyone could dip into business or personal files at any time. So public that sensitive documents have potentially been leaked.
How could this happen? Apparently, there's a little "private" button that must be checked when setting up an Amazon cloud account. If that button remains unchecked, all documents are publicly accessible. Uh-oh, Amazon has really done it this time!
Mad, Mad, Men
A man by the name of Will Vandevanter uncovered the secret of Amazon's lack of security. Vandevanter is a security researcher, and he has been doing some snooping. By using URLs of well-known brands and companies that rely on Amazon's cloud, Vandevanter has discovered Amazon's amazingly careless downfall.
Of the 12,000 accounts Vandevanter explored, almost 2,000 were accidentally public. That means that images, documents, and all kinds of important company files were left for prying eyes (and corporate spies) to look at. Among the accounts left out in the open was one belonging to a "medium-sized social media site." This site (not yet named) was allowing (albeit unknowingly) the public to view user photographs -- yikes!
How the Mistake Was Made
But, wait, shouldn't Amazon automatically protect its cloud users from such embarrassment? Well, yes. Technically, Amazon's cloud accounts are set to "private" as a default measure. However, this setting can be easily tampered with through manual manipulation or during reconfiguration. So, if someone who works for one of these major companies didn't know what they were doing, that private default could have been turned into a public viewing.
So, is it Amazon's fault if users made major public mistakes? Well, not really, but that doesn't mean that Amazon's PR team isn't working around the clock to fix this boo-boo. Amazon has been working feverishly to warn S3 clients that some files might be public. The company has put out a release stating that they are taking Vandevanter's findings seriously.
What to Do, What to Do
Think that your account might have been mistakenly public? Before you yell at Amazon, make sure that your account is private by checking your settings and options. If your account is private and always has been, you are probably in the clear. If not, double-check that setting option. No, wait, triple-check -- you don't want your pics and files available for the world to see!
Then, you can pick up the phone and blame Amazon for not making this option more obvious. I'm sure it was written in the fine print somewhere, but most S3 users had no idea that they had to actually check a "private" option.
Before you go running for the hills denouncing all cloud servers as unsafe or bad, keep in mind that Amazon's default setting was actually private, and that this is largely a user mistake. In short, the cloud isn't an unsafe place, unless you (or one of your employees) have careless hands.
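The settings check recommended under "What to Do, What to Do" can be automated for many buckets at once. The following is an added example, not part of the original article: it flags S3 access-control grants made to the predefined "everyone" groups, and assumes each ACL is a dict shaped like the output of boto3's `get_bucket_acl`; the bucket names and owner ID are constructed.

```python
# Assumed input: dicts shaped like boto3's s3.get_bucket_acl() response.
# Predefined S3 groups that reach beyond the bucket owner's own account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}

# What each ACL permission allows when granted on a bucket.
EXPOSURE = {
    "READ": "list the objects in the bucket",
    "WRITE": "create, overwrite and delete objects",
    "READ_ACP": "read the bucket ACL",
    "WRITE_ACP": "rewrite the bucket ACL",
    "FULL_CONTROL": "do all of the above",
}

def public_grants(acl):
    """Return (audience, permission, meaning) for every public grant in an ACL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") == "Group" and audience:
            perm = grant.get("Permission", "")
            findings.append((audience, perm, EXPOSURE.get(perm, "unknown permission")))
    return findings

def audit(bucket_acls):
    """Map bucket name -> public grants, keeping only buckets with findings."""
    findings = {name: public_grants(acl) for name, acl in bucket_acls.items()}
    return {name: found for name, found in findings.items() if found}

# Constructed sample ACLs (bucket names and owner ID are made up).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
         "Permission": "FULL_CONTROL"}
ANYONE_READ = {"Grantee": {"Type": "Group",
                           "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}
SAMPLE_ACLS = {
    "example-private-bucket": {"Grants": [OWNER]},
    "example-public-bucket": {"Grants": [OWNER, ANYONE_READ]},
}

if __name__ == "__main__":
    for bucket, found in audit(SAMPLE_ACLS).items():
        for audience, perm, meaning in found:
            print(f"{bucket}: {audience} can {meaning} ({perm})")
```

A bucket policy or an individual object's ACL can also make content public, so a clean result here is not by itself proof that a bucket is private.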