9/19/2017
02:11 PM

Viacom's Secret Cloud Keys Exposed

The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.



A misconfigured Amazon Web Services (AWS) S3 bucket recently put Viacom's keys to its cloud kingdom at risk, according to UpGuard, which made the discovery. The Viacom incident is the latest AWS S3 misconfiguration issue to strike a company.

The cloud leak publicly exposed Viacom's master provisioning server running Puppet, which in essence provides a master key to company servers that run its IT infrastructure, claims UpGuard. If malicious attackers got their hands on these secret cloud keys, they could launch attacks using Viacom's servers, storage and databases, the security firm warns.

Other sensitive information found within the 72 .tgz files located in Viacom's S3 bucket with the subdomain "mcs-puppet" included internal access credentials and critical data, notes UpGuard.  

UpGuard's Cyber Risk Research Director Chris Vickery discovered the misconfigured AWS S3 bucket on Aug. 30 and notified the company the following day. Viacom secured the AWS account within hours of the notification, according to Upguard.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Read more about the security incident here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service