Very Public Cloud

Written by:
by Damian Jennings
Date Posted:
16 February 2018

Some anon hackers have released a tool that lets anyone search for unsecured private data on AWS.

As you’ll know, AWS provides a service called S3 (Simple Storage Servers). Seems they are just as simple as they sound. Buckhanger, the name of the tool, let’s anyone crawl AWS buckets and search for data from private companies, governments, universities and more.

It’s basically Google, but for unsecured private data.

“The purpose of the project is to increase the awareness on bucket security, too many companies was [sic] hit for having wrong permissions on buckets in the last years,” said one of the devs, who obviously wants to stay anonymous.

Where’s the bucket? 
Buckhacker lets you search by bucket name, which could be a company name or something, or filename. It’s pretty barebones but wasn’t meant to go live just yet. The developer told Motherboard:

“I was sharing the project privately with some friends but unfortunately then we go public before the time. Actually we are even thinking to shutdown it because is quite unstable.”

Crawling holes
Crawling through AWS holes isn’t new, there were geeky CLI tools around in the past. This is the easiest to use tool released to date though.

Oddly, Amazon didn’t respond to our request to comment.

Rating: 5.0. From 2 votes.
Please wait...

Leave a Reply

Be the First to Comment!

Notify of

Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.