The massive Capital One data breach, disclosed July 29, allegedly involved a misconfigured Web application firewall (WAF) on Amazon Web Services (AWS).
Amazon is working hard to distance itself from the breach, communicating that AWS itself was not hacked -- essentially blaming the breach on a customer that failed to properly configure the cloud firewall. In a statement to Newsweek, an AWS spokesperson said:
“AWS was not compromised in any way and functioned as designed. The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure. As Capital One explained clearly in its disclosure, this type of vulnerability is not specific to the cloud.”
Still, the statement raises the question: Was AWS actually designed properly? If so, why do so many customers continue to misconfigure their AWS services -- leaving data exposed and potentially open for a hacker to steal?
AWS: User Configuration Errors Lead to Data Leaks
Beyond the Capital One data breach, other data leaks involving customers and contractors that misconfigured AWS include:
- June 2019: Data management software provider Attunity, now owned by Qlik, left massive amounts of backup data exposed on AWS.
- August 2018: An AWS S3 error exposed GoDaddy configuration data from thousands of servers, cyber risk management company UpGuard said.
- May 2018: A non-profit organization in Los Angeles County misconfigured an AWS S3 cloud bucket — leaving 3 million records and highly sensitive health information exposed.
- February 2018: FedEx customer identification records were discovered on an unsecured Amazon Simple Storage Service (S3) cloud server, Kromtech Security Center reported.
- October 2017: Accenture Cloud mission-critical intellectual property (IP) was exposed via an Amazon Web Services (AWS) cloud leak.
- September 2017: More than 4 million Time Warner Cable customer records were exposed via an AWS cloud leak.
- July 2017: A World Wrestling Entertainment (WWE) database leak exposed the personal information of more than 3 million users.
- July 2017: About 2.2 million Dow Jones subscribers were affected by a data leak that occurred due to a misconfigured AWS cloud account.
In Amazon's defense, the company has taken numerous steps to help AWS customers to properly configure and secure their cloud services. The efforts include launching:
- An AWS Security Hub that provides alerts and compliance status updates across AWS user accounts.
- The AWS re:Inforce conference, which specifically focuses on proper cloud cybersecurity.
- Various MSP and MSSP partner programs to train partners on proper AWS security.
Still, user errors and customer misconfigurations continue. The latest example apparently involves the massive Capital One data breach. It makes you wonder: Is it time for Amazon to reconfigure the default settings of AWS -- or add warnings when users change settings -- to ensure a more secure stance for customers?