Millions of scraped public social net profiles left in open AWS S3 box

US social network data aggregator LocalBlox has been caught leaving its AWS bucket of 48 million records – harvested in part from public Facebook, LinkedIn and Twitter profiles – available to be viewed by anyone who stopped by. Security biz Upguard wandered by on February 18, and found the publicly accessible files in a …

  1. Phil O'Sophical Silver badge

    This won't stop until the CEOs of the companies concerned start getting serious penalties, in the $m/jailtime range. They need to be taught that personal data is something they have to look after. Just securing it after they've been caught isn't enough.

    1. steviebuk Silver badge

      Jail time....

....is a bit extreme unless they did it maliciously. Fining their company and them personally based on their wage or wealth would be a start. I mention their wealth as they could hide their wage by just paying themselves $1 a year or month like Steve Jobs used to (I'm not suggesting he did it for nefarious reasons. It's just the only example I know of where someone paid himself $1).

  2. chivo243 Silver badge
    Devil

    S3?

    Selfservice 3... to all that yummy data. Can't wait for the online DB to check if my name is somehow present?

    1. gerdesj Silver badge

      Re: S3?

      https://haveibeenpwned.com/

  3. Robert Helpmann?? Silver badge
    FAIL

    Default access

    ...should be set to allow only the owner/creator. I'm only starting to deal with systems in AWS and haven't set any up, so maybe that is the default and the folks responsible for this went out of their way to screw things up. Maybe there were no tools that would allow the auditing of permissions. Maybe the cat's out of the proverbial bag and the only thing we can do is to point and laugh so those who made this mistake know to never do it again.

    1. Phil Endecott Silver badge

      Re: Default access

      > maybe that [no public access] is the default

      Yes, it’s the default.

      Trouble is when you want to share a file on S3 with someone else, your choice is either

      (a) do some fancy thing to make a single-use time-limited URL that you can share, or

      (b) make the content public temporarily - with the danger of forgetting to change it back to private afterwards.

      I think this must explain many of the S3 screwups we’ve heard about.
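Option (a) is less fancy than it sounds. The block below is an added example, not code from this thread: a stdlib-only SigV4 presigner that produces a time-limited GET URL for one object, plus a check of how long such a URL stays valid, so there is nothing to remember to switch back to private as there is with option (b). It reuses the placeholder access key, secret and timestamp from the AWS SigV4 documentation example, so no real credential appears here.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import parse_qsl, quote, urlparse

# Placeholder credentials and timestamp from the AWS SigV4 documentation example; not real keys.
DOC_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
DOC_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DOC_NOW = datetime(2013, 5, 24, tzinfo=timezone.utc)
DOC_LATER = datetime(2013, 5, 25, 0, 0, 1, tzinfo=timezone.utc)  # one second past a 24h expiry


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def presign_get(bucket: str, key: str, access_key: str, secret_key: str,
                region: str, expires: int, now: datetime) -> str:
    """SigV4 query-string presigned GET for s3://bucket/key, honoured for `expires` seconds."""
    host = f"{bucket}.s3.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{now:%Y%m%d}/{region}/s3/aws4_request"
    params = {  # sorted by name and fully URL-encoded, exactly as they must appear in the URL
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    path = "/" + quote(key, safe="/")
    # Canonical request: method, path, query, headers (ended by a blank line), signed header names, payload.
    canonical = "\n".join(["GET", path, query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical.encode("utf-8")).hexdigest()])
    # Derive the per-day, per-region, per-service signing key; the long-term secret never goes in the URL.
    k = _hmac(("AWS4" + secret_key).encode("utf-8"), f"{now:%Y%m%d}")
    signing_key = _hmac(_hmac(_hmac(k, region), "s3"), "aws4_request")
    signature = hmac.new(signing_key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={signature}"


def seconds_remaining(url: str, now: datetime) -> int:
    """Seconds until S3 stops honouring the URL; zero or negative means it is already dead."""
    q = dict(parse_qsl(urlparse(url).query))
    issued = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    return int(q["X-Amz-Expires"]) - int((now - issued).total_seconds())


def demo() -> str:
    # Reproduce the AWS docs example: share examplebucket/test.txt for 24 hours.
    return presign_get("examplebucket", "test.txt", DOC_ACCESS_KEY, DOC_SECRET_KEY,
                       "us-east-1", 86400, DOC_NOW)
```

The bucket itself stays private throughout; only someone holding the URL can fetch that one object, and only until X-Amz-Expires runs out.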

  4. GnuTzu Bronze badge
    FAIL

    Hall of Shame Just for S3 Buckets

    How long would the list be now?

    1. Oengus Silver badge
      Coat

      Re: Hall of Shame Just for S3 Buckets

      Simple answer

      As long as the list of S3 buckets...

  5. Flakk Silver badge

    Poorly configured AWS S3 buckets have been a source of shame for Amazon Web Services and its users.

    I'm not sure why a poorly configured S3 bucket is a source of shame for AWS, any more than a poorly configured router would be a source of shame for Cisco.

    To borrow parlance from gamers: "git gud". Before you do something, understand what you're doing and why. Ask questions. Read the strat guide. Grind it out in QA. If you fail to do these things and put yourself and your employer at risk, the shame is yours.

    1. Destroy All Monsters Silver badge
      Windows

      It's json data,

      That points to JavaScriptolicious developers. The current year's "fast, productive, web-scale" mindset is likely to apply, visionarily driven by the PHB's "big data" (more like "burp data") vision.

      These guys develop ultra-complex stuff before gitting gud in any way, shape or form. Or reading the manual for that matter.

  6. Mark 85 Silver badge

    Facebook again involved?

    I do believe it's time to nuke them from space* and put an end to screwing over just about everyone on the planet. Although, from reports, there are damn few left who haven't been slurped, filed, indexed, and sold.

    *Nuke several times as it's the only way to be sure.

    1. Anonymous Coward
      Anonymous Coward

      Re: Facebook again involved?

      Don't forget all the {cough, cough} backup copies scattered all over the world.

      You know the ones that they can use to tell you that 'Yes, we have deleted all your crap...'. People will forget about the dozens of copies that they hold that are scattered all over the globe.

      20 seconds after you have agreed that it is gone, the DBs will notice a discrepancy and restore 'your crap' from one of said backup copies.

      Facebook really is Big Brother. There is simply no getting away from BB.

      They are worse than any government yet known for spying on you and your life.

  7. Anonymous Coward
    Anonymous Coward

    Facebook?

    Zuckerberg, testifying before Congress in the wake of the Cambridge Analytica scandal, insisted Facebook users have control over their data. From this case it looks more like no one has much control over it.

    Had a profile on there years ago, went back the other day and tried to delete my account. Facebook won't comply, wants a scan of my ID card? WTF?

Biting the hand that feeds IT © 1998–2019