Very Public Cloud

Written by:
Date Posted:
16 February 2018

Some anon hackers have released a tool that lets anyone search for unsecured private data on AWS.

As you’ll know, AWS provides a service called S3 (Simple Storage Servers). Seems they are just as simple as they sound. Buckhanger, the name of the tool, let’s anyone crawl AWS buckets and search for data from private companies, governments, universities and more.

It’s basically Google, but for unsecured private data.

“The purpose of the project is to increase the awareness on bucket security, too many companies was [sic] hit for having wrong permissions on buckets in the last years,” said one of the devs, who obviously wants to stay anonymous.

Where’s the bucket? 
Buckhacker lets you search by bucket name, which could be a company name or something, or filename. It’s pretty barebones but wasn’t meant to go live just yet. The developer told Motherboard:

“I was sharing the project privately with some friends but unfortunately then we go public before the time. Actually we are even thinking to shutdown it because is quite unstable.”

Crawling holes
Crawling through AWS holes isn’t new, there were geeky CLI tools around in the past. This is the easiest to use tool released to date though.

Oddly, Amazon didn’t respond to our request to comment.

Rating: 5.0/5. From 2 votes.
Please wait...

Recommended Videos

Find out why Safestore adopted Hyve as their hosting provider

Case Studies

Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.