More than 60,000 sensitive US military files have been found on a publicly accessible Amazon server by a security researcher.
Security has been a wary high-brow for cloud adopters. The recent incidence of data breach can reaffirm the ‘Security’ concerns.
Amazon Web Services (AWS) are prime cloud infrastructure providers across the world.
Lately, US military data was found exposed on the server — around 60,000 sensitive US military files publicly accessible, the BBC reported lately citing a security researcher.
The files containing passwords for U.S. government systems and security credentials of a software engineer working under defense contractor Booz Allen Hamilton were discovered by cyber resilience firm UpGuard analyst, Chris Vickery.
They were connected to a project for the U.S. National Geo-Spatial Agency, which works on satellite and drone-based surveillance. Vickery said finding the data wasn’t difficult as it was discovered during a routine search of the Amazon Web Service’s simple storage services Simple Storage Service buckets.
The files contained passwords for US government systems and the security credentials of a senior engineer at defence contractor Booz Allen Hamilton (BAH). They were discovered by Upguard analyst Chris Vickery.
In a statement, BAH said no classified data had been stored on the server.
“We have confirmed that none of those usernames and passwords could have been used to access classified information,” the contractor added.
The files were connected to a project for the US National Geospatial-Intelligence Agency (NGA), which deals with satellite and drone surveillance imagery.
BAH said it believed the incident was the result of “an unintentional mistake”.
“As soon as we learned of this mistake, we took action to secure the areas and alerted our client and began an investigation.
“Our client has said they’ve found no evidence that classified data was involved, and so far our forensics have indicated the same”, the company said.
The finding is peculiar, since Amazon Web Service stores public data and U.S. military data is generally stored on the U.S. government’s servers. The logical surmise would be this might be data given to private contractors working for the government, but still the lack of security protocols is surprising, since surveillance data, if exposed, could endanger the military’s operations abroad.