• Follow us

Internet

Amazon Cloud Storage Dilemma Exposed in Facebook's Latest Leak

(Bloomberg) -- After security researcher Chris Vickery discovered millions of records from Facebook Inc. users sitting unsecured on a public database, he tried for weeks to get Amazon.com Inc., owner of the servers where the data were stored, to take it down.

“We’re looking into the situation and assessing any extra steps we can take,” came the response from Amazon security staff on Feb. 21 -- three weeks after Vickery initially brought the data exposure to Amazon’s attention.

The trove in question included 540 million pieces of information, such as identification numbers, comments, reactions and account names, that had been culled from Facebook pages and stored on Amazon servers by Mexico City-based digital platform Cultura Colectiva. The records were accessible and downloadable for anyone who could find them online, and they didn’t get taken down until April 3, after Facebook -- alerted by Bloomberg News -- contacted Amazon.

The slow-footed response underscores a dilemma faced by businesses like Amazon Web Services, which along with cloud computing behemoths Microsoft Corp. and Alphabet Inc.’s Google, generate billions of dollars in revenue by providing storage and other computing services via remote data centers. Were Amazon to shut down a customer’s services, it could open itself to lawsuits and risk broken trust with clients, said Sean Curran, who advises companies on security issues for consulting firm West Monroe Partners. “It really is a gray area between [Amazon’s] responsibility and the customer’s,” he said.

Amazon views itself as responsible for the servers that populate data centers, and its customers should be in charge of the information that gets stored there, Vickery said. “Companies like Amazon Web Services push a narrative of a shared responsibility model, where they’re responsible for the hardware,” he said in an interview with Bloomberg TV. “And then it’s up to the ones who are paying to store the data to correctly configure their storage instances to make sure anyone on the internet can’t access it.”

Vickery said he also reached out to Cultura Colectiva to take down the data, but didn’t receive a reply.

Whatever role Amazon should play, the episode is only the latest embarrassment for Facebook, still smarting from revelations last year that the company lost track of data that it shared with third parties. Facebook for years allowed anyone making an app on its site to obtain information on the people using the app, and those users’ friends. Once the data left Facebook’s hands, the developers were able to do whatever they wanted with it.

Facebook, in a statement, said it worked with Amazon to take down the database. It’s unclear whether Amazon pulled the plug itself, or persuaded Cultura Colectiva to take the files offline.

AWS customers “own and fully control their data,” Amazon said in a statement. “When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here.”

Amazon has grown into the world’s biggest provider of on-demand data storage and computing power in part by pledging to big companies that their data will be as private in the cloud as it was sitting in a back-room server.

“They just don’t want to start a precedent of them meddling with the data,” Vickery said, back when he was having trouble getting Amazon to take it down. “If they start shutting down access to data breaches, they start getting into liability a bit more. They’re in a sticky situation.”

On its website, AWS says customers maintain ownership of the data they upload to the service. “We do not access or use your content for any purpose without your consent,” the company said. Microsoft and Google make similar guarantees about their cloud businesses.

Even so, once Amazon becomes aware of information that shouldn’t be publicly available, it should quickly take steps to make the data private, said Ashkan Soltani, a privacy researcher and former chief technology officer at the Federal Trade Commission.

Vickery concurs. “I would hope that when they were notified they would have taken more steps to close it off,” he said.

Amazon’s terms of service give the company wide latitude to remove content it deems illegal. In cases where content infringes on the rights of a third party, Amazon can disable a service with two days notice.

After a series of inadvertent exposures of information stored on AWS’s Simple Storage Service in recent years, the company made it more difficult for its customers to make data public facing in the first place, peppering the service with warning notices when something is exposed, and giving administrators easier options to shut down open databases.

Read More



Leave A Comment

More News

ITProPortal

The biggest challenges of building a custom chat 2019-04-02 06:30:46Like everything worthwhile in life, building a chat app will pose some challenges.

CloudFlare adds free VPN to DNS app 2019-04-02 06:30:18It promises more speed, reliability, security and privacy.

Google+ finally closes down 2019-04-02 06:00:55Pages and profiles are getting deleted from today.

Insurers who don’t digitally transform risk being left 2019-04-02 06:00:08Insurtechs, and more worryingly Big Techs, are eyeing up how they seize distribution.

Avoiding AI's darkest future - is ethical AI 2019-04-02 05:30:04The guidelines for AI security and ethics needs to be established.

Making Tax Digital is as much about cultivating 2019-04-02 05:00:04Making Tax Digital is a watershed moment for an industry that has been on the trailing edge of digitalisation, it will take skill to survive the futur

The ROI of customer data 2019-04-02 04:30:42Clucas discusses how organisations can create opportunities for data collection and strategies to effectively leverage insights.

Engineering culture - The key to successful digital 2019-04-02 04:00:33Is your engineering culture affecting the success of your digital delivery?

What is ransomware? Everything you need to know 2019-04-01 11:09:40Ransomware: What’s new 01/04 - FEATURE - Alastair Bloom/Logicalis UK - Theft, ransomware and vandalism- Securing your data is getting tougher -

Google reveals how it keeps the Play Store 2019-04-01 07:30:33If you're only downloading apps from the Play Store, you're safe, says Google.

Planet Hollywood owner suffers major user data breach 2019-04-01 07:00:23Details on millions of credit cards stolen.

Public cloud adoption – which approach is right 2019-04-01 06:30:38As uncertainty remains the mood of Britain, companies are prioritising digital transformation programmes to ensure continued growth.

Dev Pro

Microsoft Edge Chromium Browser Available for Testing 2019-04-08 13:39:00Microsoft takes another step in their continuing trend of delivering products and services aimed at a heterogeneous enterprise. This time it is Micros

Internal Google Panel to Vet AI Projects Packed 2019-04-08 11:47:00Google has been at the center of a widening public debate over how automated systems might disadvantage vulnerable groups or lead to large-scale

xMatters Incident Management Tool Adds Stackdriver Integration 2019-04-07 07:16:00xMatters' integration with Google Cloud Stackdriver automates incident management for DevOps.

Defining Digital Transformation at Cloud Foundry Summit 2019-04-05 21:46:00ITPro Today was in Philadelphia this week to attend the Cloud Foundry North American Summit. In this video, we take you on the show floor and seek out

Fertility Database Relies on Blockchain for Security 2019-04-05 15:37:00FRTYL is trying to put families' minds at ease through the use of blockchain for security.

Facebook Found to Host Cybercriminal Groups Trading Stolen 2019-04-05 13:53:00Facebook Inc. housed dozens of cybercriminal groups that set up shop on the platform as online marketplaces to sell a variety of illegal services, suc

G Suites' Core App GMail Launched 15 Years 2019-04-05 12:56:00The cloud-based email service has become the core element of Google's G Suite productivity suite, and although it still lags behind competitors for k

Microsoft Vows to Focus on Gender Harassment Amid 2019-04-05 12:04:00Microsoft Corp.’s top executives pledged to discuss diversity and harassment issues at monthly employee meetings after complaints about sexual m

Google Scraps New AI Ethics Council After Staff, 2019-04-05 11:59:00“It’s become clear that in the current environment, ATEAC can’t function as we wanted,” Google said Thursday in a statement. &

Hannover Messe Provides Preview of Industrial AR’s Promise 2019-04-05 11:32:00Augmented reality was a star of Hannover Messe. But adoption of industrial AR will likely be first limited to defined use cases.

5 Questions with Google Cloud Director of Learning 2019-04-05 11:17:00Google cloud certifications offer IT pros the ability to prepare for the evolving job market, director, Google Cloud Learning and Enablement, Rochana

Amazon Cloud Storage Dilemma Exposed in Facebook's Latest 2019-04-04 13:35:00The trove in question included 540 million pieces of information, such as identification numbers, comments, reactions and account names, that had been

TechRadar: Internet news

The best Sky TV deals, packages and Sky 2019-04-09 07:06:22Save money on the latest Sky packages as we examine the latest deals including Sky Q boxes.

Amazon has slashed prices on Samsung Note 8 2019-04-09 07:01:24Get a superb SIM-free Samsung this spring - we've never seen Note 9 deals as cheap as they are now at Amazon.

AMD Ryzen CPUs continue to dominate Intel chips, 2019-04-09 06:53:58AMD actually holds an almost 70% processor market share, going by the figures from one retailer.

Revolutionary Algorithmic Lace bra wins the 2019 Lexus 2019-04-09 06:46:23Other finalists include a device for harvesting waste energy from jet engines, and a material made from desert sand.

Why you need to make the right call 2019-04-09 06:30:22Aptean's James Wood explains that although call centres have a bad reputation among customers, it doesn't have to be that way.

The Honor 20 Lite could have three rear 2019-04-09 06:28:10A report about the Honor 20 Lite suggests it could have cameras that are almost as good as the Huawei P30's.

Openreach connects 1.2m properties to FTTP 2019-04-09 06:21:26BT-owned Openreach adds 14,000 premises every week

The 10 best DSLRs you can buy in 2019-04-09 06:13:26Buying a DSLR can be a daunting task, but you'll be on the way to choosing the right camera with our expert guide.

CorelDRAW Graphics Suite 2019 offers hobbyists and professionals 2019-04-09 06:06:48A great image editing suite for hobbyists and pros alike.

Microsoft opens a plugin store for the new 2019-04-09 06:06:41The new store already has 118 extensions available to download, and many more are likely to arrive soon.

The 10 best mirrorless cameras in 2019 2019-04-09 06:04:12Coming in all shapes and sizes, our expert guide will help you choose the best mirrorless camera for you.

The 10 best 4K cameras in UAE for 2019-04-09 05:57:16Looking for a camera that's just as at home shooting 4K video as it is stills? Here are our picks to suit a range of budgets.

Enterprise – TechCrunch

WeWork acquires Managed By Q 2019-04-03 13:24:26Managed By Q, the office management platform based out of New York, has today been acquired by The We Company, formerly known as WeWork. Financial ter

Google Drive adds workflow integrations with DocuSign, K2 2019-04-03 12:31:34Google today announced a few new workflow integrations for its Drive file storage service that’ll bring to the service support for some features

Torch takes $10M to teach empathy to executives 2019-04-03 10:11:53When everyone always tells you “yes,” you can become a monster. Leaders especially need honest feedback to grow. “If you look at ric

Rippling raises $45M at $270M to be the 2019-04-03 09:18:02Parker Conrad’s last startup, Zenefits, drowned in busy work. Now with Rippling, he wants to boil that ocean. Instead of trying to nail one thin

Okta unveils $50M in-house venture capital fund 2019-04-03 09:00:49Okta Ventures wants to fund the next generation of identity, security and privacy startups.

Enterprise blockchain startup Offchain Labs scores $3.7M seed 2019-04-03 09:00:30Two of the issues limiting blockchain adoption in the enterprise has been lack of scalability and privacy. Offchain Labs, a startup that spun out of r

Onfido, which verifies IDs using AI, nabs $50M 2019-04-03 08:10:31Security breaches, where malicious hackers obtain snippets of information that then get used to impersonate individuals in order to gain access to ind

Container security startup Aqua lands $62M Series C 2019-04-03 06:20:27Aqua Security, a startup that helps customers launch containers securely, announced a $62 million Series C investment today led by Insight Partners. E

How to handle dark data compliance risk at 2019-04-02 15:00:51Slack and other consumer-grade productivity tools have been taking off in workplaces large and small — and data governance hasn’t caught u

Densify announces new tool to optimize container management 2019-04-02 11:52:47Densify, a Toronto company that helps customers optimize their cloud resources to control usage and spending, announced a new tool today specifically

FireHydrant lands $1.5M seed investment to bring order 2019-04-02 10:00:46FireHydrant, an NYC startup, wants to help companies recover from IT disasters more quickly, and understand why they happened — with the goal of

Pixeom raises $15M for its software-defined edge computing 2019-04-02 09:30:19Pixeom, a startup that offers a software-defined edge computing platform to enterprises, today announced that it has raised a $15 million funding roun


Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.