Updated on 2022-12-29: AWS S3 new defaults
After a quatrabazillion incidents where customers accidentally left S3 buckets exposed on the internet and leaked their companies’ sensitive data online, the super-geniuses at AWS have finally decided to change the S3 defaults from open to “block public access.” This will become the default policy for all new S3 buckets in April 2023, meaning that if you want the content of your S3 bucket to be publicly accessible, you will have to deploy an ACL rule to make it so. Read more: Advanced Notice: Amazon S3 will automatically enable S3 Block Public Access and disable access control lists for all new buckets starting in April 2023
Overview
Sensitive information of more than 100,000 students was left publicly exposed due to misconfigured AWS S3 buckets belonging to McGraw Hill. These unprotected buckets contained more than 22 TB of data and over 117 million files and were fixed on July 20. Read more: McGraw Hill’s S3 buckets exposed 100,000 students’ grades and personal info