Data Compromise – What the AWS Engineer Leak can Teach us

When an engineer working for AWS accidentally made almost a gigabyte worth of data public, resulting in a massive data compromise, it was Californian Cyber Security company Upguard that came to the rescue, contacting AWS to inform them of the breach.

Greg Pollock, Upguard’s vice president, received an alert showing that a 954MB repository of AWS resources, including hostnames and log files used to create cloud services, had been made readily accessible on the public internet.

Contained within a public GitHub repository were credentials, auth tokens, API keys for third-party providers, and AWS key pairs. Documents containing personal information, including bank statements, correspondence between the owner and AWS customers, and the owner’s full name, were also included within the repository.

The breach exposed credentials belonging to an AWS DevOps Cloud Engineer, including their full name. Some of the sensitive information also included hostnames of AWS customers likely being assisted by the AWS engineer. The data remained online for five hours. While Amazon was able to take immediate action, five hours gives cyber criminals plenty of time to find secrets like these.

GitHub is a massive community encouraging the public collaborative development of software, and secret leaks like these within its public repositories are not uncommon. Common developer practices, such as embedding secrets like API keys in code, mean thousands of secrets can be leaked to public repositories every day. This was first discovered in 2013, when it was revealed that the GitHub search tool could be queried with strings to find keys and passwords.

AWS is no stranger to security breaches in the past, such as the infamous 2019 Capital One data theft incident which affected 106 million people.

AWS is the largest global provider of public cloud services, including on-demand cloud computing platforms and APIs for individuals and for private and federal organisations (in 2017 AWS was reported to hold a dominant 34% of all cloud business, leading the market ahead of Microsoft, Google and IBM), so the scale of potential data loss or compromise within AWS is enormous.

Data loss or compromise results in lost time for organisations, with a long-lasting impact on an organisation’s bottom line. A significant data loss could mean an organisation never fully recovers, with 51% of organisations that have experienced these significant losses closing within two years of an incident.

Human error is still the number one cause of data loss or compromise, as in the case of one absent-minded AWS engineer this year.

How to Prevent Data Loss or Compromise:

Even on the most secured systems there is still the potential for human error. Social engineering is an incredibly effective method criminals can use to create an environment in which staff, and the data they have access to, fall into their hands.

Minimising Data Loss or Compromise:

How can we minimise accidents like these when the cause is human nature?

1.    Prevent Tech Resources from putting secrets into code:

Take note of the AWS story and don’t let your developers keep secret information in source code. Secrets include database credentials, passwords, third-party API keys and much more. At a minimum these should be encrypted. Managing secrets correctly helps improve your overall organisational security posture and prevent compromise.

2.    Use a combination of cloud service providers for data storage:

It is predicted that large enterprises will continue to use a combination of cloud service providers in a best-of-breed hybrid cloud format to aid in disaster recovery planning efforts. Hybrid cloud offers a compelling business case, with control and distribution of the computing environment being the main features. It’s that distribution that makes hybrid cloud a way to mitigate data compromise.

3.    Operate a zero trust environment:

Not everything in your network can be trusted, particularly not the people. Zero trust eliminates implicit trust and provides consistent visibility and enforcement whether on premises or in the cloud. Zero trust requires that the right users have access to the right data.
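Item 1 above calls for keeping secrets out of source code; one practical control is a scanner that runs as a git pre-commit hook and refuses the commit when a line looks like a credential. The script below is an added example, not code from the original post or from AWS or Upguard; the regular expressions, the `# secrets-ok` opt-out marker and the sample credentials file (built from the placeholder keys in AWS’s own documentation) are this example’s own assumptions.

```python
import re
import sys
from dataclasses import dataclass

# AWS access key IDs start with "AKIA"; the other two patterns are heuristics
# chosen for this example and will raise some false positives.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"),
    "generic_credential": re.compile(
        r"(?i)(?:api[_-]?key|auth[_-]?token|password)\s*[=:]\s*['\"]([^'\"\s]{8,})['\"]"),
}

@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str  # only the category is reported, never the matched value

def scan_text(path: str, text: str):
    """Return one Finding per line that matches a secret pattern."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if "# secrets-ok" in line:  # assumed opt-out marker for known non-secrets
            continue
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(path, lineno, kind))
    return findings

def scan_files(paths):
    """Scan files by name, e.g. the staged files listed by git diff --cached --name-only."""
    return [f for p in paths
            for f in scan_text(p, open(p, encoding="utf-8", errors="replace").read())]

# Constructed sample; the key values are the placeholders from AWS documentation.
SAMPLE_CONFIG = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
db_password = "changeme-not-a-real-secret"
region = us-east-1
"""

if __name__ == "__main__":
    # As a pre-commit hook: pass the staged file names; with no arguments the sample is scanned.
    hits = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text("sample.cfg", SAMPLE_CONFIG)
    for f in hits:
        print(f"{f.path}:{f.line}: possible {f.kind} - remove it and rotate the credential")
    sys.exit(1 if hits else 0)
```

A non-zero exit blocks the commit; any credential that does reach a public repository should be treated as compromised and rotated, since removing the commit does not undo the five hours the AWS data was exposed.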

Data breaches like the one experienced by AWS are common, and they aren’t going anywhere. The most notable point in this story was how quickly the data itself was found, allowing AWS to take action immediately.


Cogito Group is an award-winning cybersecurity company specialising in authentication, cloud security, identity management and data protection. Cogito Group protects the authentication methods used to access information through the use of identity and other security technologies.