Updated on 2022-12-29: AWS S3 new defaults
After a quatrabazillion incidents where customers accidentally left S3 buckets exposed on the internet and leaked their companies’ sensitive data online, the super-geniuses at AWS have finally decided to change the S3 defaults from open to “block public access.” This will become the default policy for all new S3 buckets in April 2023, meaning that if you want the content of your S3 bucket to be publicly accessible, you will have to deploy an ACL rule to make it so. Read more: Advanced Notice: Amazon S3 will automatically enable S3 Block Public Access and disable access control lists for all new buckets starting in April 2023
Overview
Sensitive information of more than 100,000 students was left publicly exposed due to misconfigured AWS S3 buckets belonging to McGraw Hill. These unprotected buckets contained more than 22 TB of data and over 117 million files and were fixed on July 20. Read more: McGraw Hill’s S3 buckets exposed 100,000 students’ grades and personal info
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
