Exposed data in Amazon RDS could lead to potential compromise

November 23, 2022

A study on Amazon Relational Database Service (Amazon RDS) shows that hundreds of its databases expose users’ personally identifiable information (PII), which could potentially provide threat actors with a resource for data compromise.

Amazon Relational Database Service, or Amazon RDS, is a cloud-based web service that helps users set up relational databases in the AWS cloud. It supports many database engines, including MySQL and Oracle.

Based on the gathered information on this issue, the exposed PII at risk of compromise includes full names, email addresses, birthdates, phone numbers, car rental details, marital status, and company login credentials.

The leaks originated from the Amazon RDS ‘snapshots’ feature, which creates a backup of an entire cloud-based database environment. When a snapshot is shared publicly, it becomes easily accessible to all AWS account owners.

Amazon’s advisory warns users not to include private information when sharing a snapshot publicly. A publicly shared snapshot permits all AWS accounts to copy it and create database (DB) instances from it.

In a study from September 21 to October 22 this year, the researchers discovered 810 publicly shared Amazon RDS snapshots that were exposed for varying durations, ranging from a few hours to weeks, which the researchers said allows threat actors to abuse them for cybercriminal intents.

More than 250 snapshots out of the discovered 810 have been exposed for a month, indicating that their uploaders have likely forgotten them, thus raising the risk of being abused by hackers.

This exposed PII could be stolen and used for financially motivated cybercriminal campaigns or utilised for covertly learning about a company’s IT environment, which could provide a vector for potential initial access.

Amazon and security experts strongly recommend that users avoid sharing their RDS snapshots with the public, so they can avoid potential compromise and data misuse by threat actors. Encrypting these snapshots where applicable can also be helpful for the users’ online safety.
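One way to check your own account for the exposure described above, as an added example that is not code from the study or from Amazon: it flags manual snapshots whose `restore` attribute contains `all` (the value RDS uses for public sharing) and marks those older than 30 days. The sample snapshot names, account ID and the `stale_days` threshold are constructed assumptions.

```python
from datetime import datetime, timezone

def public_snapshot_findings(snapshots, attrs_by_id, now, stale_days=30):
    """Flag snapshots whose 'restore' attribute contains 'all' (shared publicly)."""
    findings = []
    for snap in snapshots:
        snap_id = snap["DBSnapshotIdentifier"]
        shared_with = [v for a in attrs_by_id.get(snap_id, [])
                       if a["AttributeName"] == "restore"
                       for v in a.get("AttributeValues", [])]
        if "all" not in shared_with:
            continue  # private, or shared only with named account IDs
        created = snap.get("SnapshotCreateTime")  # absent while still creating
        # Snapshot age is only an upper bound on how long it has been public.
        age = (now - created).days if created else None
        findings.append({"id": snap_id, "age_days": age,
                         "stale": age is not None and age >= stale_days})
    return findings

def collect_from_aws(region):
    """Live collection; needs boto3 plus rds:DescribeDBSnapshots and
    rds:DescribeDBSnapshotAttributes permissions."""
    import boto3  # imported here so the offline demo runs without it
    rds = boto3.client("rds", region_name=region)
    snapshots, attrs = [], {}
    pages = rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual")
    for page in pages:
        for snap in page["DBSnapshots"]:
            sid = snap["DBSnapshotIdentifier"]
            res = rds.describe_db_snapshot_attributes(DBSnapshotIdentifier=sid)
            attrs[sid] = res["DBSnapshotAttributesResult"]["DBSnapshotAttributes"]
            snapshots.append(snap)
    return snapshots, attrs

# Constructed sample data in the shape the two RDS API calls return.
NOW = datetime(2022, 11, 23, tzinfo=timezone.utc)
SAMPLE_SNAPSHOTS = [
    {"DBSnapshotIdentifier": "orders-backup-constructed",
     "SnapshotCreateTime": datetime(2022, 10, 1, tzinfo=timezone.utc)},
    {"DBSnapshotIdentifier": "staging-constructed",
     "SnapshotCreateTime": datetime(2022, 11, 20, tzinfo=timezone.utc)},
    {"DBSnapshotIdentifier": "partner-share-constructed",
     "SnapshotCreateTime": datetime(2022, 9, 1, tzinfo=timezone.utc)},
]
SAMPLE_ATTRS = {
    "orders-backup-constructed": [{"AttributeName": "restore", "AttributeValues": ["all"]}],
    "staging-constructed": [{"AttributeName": "restore", "AttributeValues": ["all"]}],
    "partner-share-constructed": [{"AttributeName": "restore", "AttributeValues": ["111122223333"]}],
}

def demo():
    return public_snapshot_findings(SAMPLE_SNAPSHOTS, SAMPLE_ATTRS, NOW)
```

To make a flagged snapshot private again, `modify_db_snapshot_attribute` with `AttributeName="restore"` and `ValuesToRemove=["all"]` removes the public grant. Aurora cluster snapshots use the separate `describe_db_cluster_snapshot_attributes` call and are not covered here.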
