A misconfigured Amazon Web Services (AWS) S3 bucket recently put Viacom's keys to its cloud kingdom at risk, according to UpGuard, which made the discovery. The Viacom incident is the latest AWS S3 misconfiguration issue to strike a company.
The cloud leak publicly exposed Viacom's master provisioning server running Puppet, which in essence provides a master key to company servers that run its IT infrastructure, claims UpGuard. If malicious attackers got their hands on these secret cloud keys, they could launch attacks using Viacom's servers, storage and databases, the security firm warns.
Other sensitive information found within the 72 .tgz files located in Viacom's S3 bucket with the subdomain "mcs-puppet" included internal access credentials and critical data, notes UpGuard.
UpGuard's Cyber Risk Research Director Chris Vickery discovered the misconfigured AWS S3 bucket on Aug. 30 and notified the company the following day. Viacom secured the AWS account within hours of the notification, according to Upguard.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
Read more about the security incident here.