> "...automated search tools were able to stumble across some 4,000 open Amazon S3 buckets ..."
> "In some cases, more than 10 secrets were found in a single file. These included SQL Server passwords, Coinbase API keys, MongoDB credentials, and logins for other AWS buckets that actually were configured to ask for a password."
> "... the Truffle crew believes that the real danger is that the exposed 'secrets' would have a cascading effect where an attacker could use the exposed keys and credentials to get into other, more secure accounts and services."
https://www.theregister.com/2020/08/03/leaky_s3_buckets/
> "...automated search tools were able to stumble across some 4,000 open Amazon S3 buckets ..."
> "In some cases, more than 10 secrets were found in a single file. These included SQL Server passwords, Coinbase API keys, MongoDB credentials, and logins for other AWS buckets that actually were configured to ask for a password."
> "... the Truffle crew believes that the real danger is that the exposed 'secrets' would have a cascading effect where an attacker could use the exposed keys and credentials to get into other, more secure accounts and services."