Cybernews said that WorkComposer exposed more than 21 million images in an unsecured Amazon S3 bucket. The company claims to have more than 200,000 active users.
Fairly common. Setting up proper permissions in AWS isn’t always straightforward and getting permissions to properly integrate with an app can be confusing. I have worked with a lot of people who don’t care about doing things right and only care about making something that works.
One could argue that storing anything in the cloud like that is pretty insecure to begin with. Since those screenshots likely contain private data, they really should be hosting their own solution.
Or, at the very least, providing end to end encryption for that data in the cloud.
How common is this?
Fairly common. Setting up proper permissions in AWS isn’t always straightforward and getting permissions to properly integrate with an app can be confusing. I have worked with a lot of people who don’t care about doing things right and only care about making something that works.
“I have worked with a lot of people who don’t care about doing things right and only care about making something that works.”
I’m not a coder, but I’ve encountered this at just about every job I’ve ever had.
Maybe, but if your not able or don’t know you need to secure your S3 buckets, you shouldn’t be managing infrastructure.
One could argue that storing anything in the cloud like that is pretty insecure to begin with. Since those screenshots likely contain private data, they really should be hosting their own solution.
Or, at the very least, providing end to end encryption for that data in the cloud.