The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.
A misconfigured Amazon Web Services (AWS) S3 bucket recently put Viacom's keys to its cloud kingdom at risk, according to UpGuard, which made the discovery. The Viacom incident is the latest AWS S3 misconfiguration issue to strike a company.
The cloud leak publicly exposed Viacom's master provisioning server running Puppet, which in essence provides a master key to company servers that run its IT infrastructure, claims UpGuard. If malicious attackers got their hands on these secret cloud keys, they could launch attacks using Viacom's servers, storage and databases, the security firm warns.
Other sensitive information found within the 72 .tgz files located in Viacom's S3 bucket with the subdomain "mcs-puppet" included internal access credentials and critical data, notes UpGuard.
UpGuard's Cyber Risk Research Director Chris Vickery discovered the misconfigured AWS S3 bucket on Aug. 30 and notified the company the following day. Viacom secured the AWS account within hours of the notification, according to Upguard.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
Read more about the security incident here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024