Stefan Mileschin

The security on Amazon's cloud has come under question after it was revealed that customers have accidentally revealed confidential information including sales records and source code.

The problem was revealed by Rapid7, a Boston-based security firm, which said that the data leak was typical of the problems of cloud setups.

In a report the security experts said that it found more than 126 billion files posted online belonging to customers of Amazon Simple Storage Service, or Amazon S3, earlier this year.

It looked under the bonnet of more than 40,000 of the files and most of them contained sensitive data.

One pile of data came from a car sales company. This included source code for a mobile gaming company and spreadsheets containing employees' personal information and member lists.

Rapid7 said the leak was not Amazon's fault, the documents were public because the customers overrode a key security mechanism intended to keep such information private. This was an accident and was probably thanks to badly designed third-party management software.

According to the Age, Will Vandevanter, a Rapid7 researcher, said that the world+dog is talking about cloud hosting and cloud storage but there were still some common pitfalls that many organizations overlook.

The companies affected were not identified, and after Rapid7 alerted Amazon to its research, many of the files were no longer visible.

What appeared to have happened was Amazon cloud customers had disabled the default "private" setting on the "buckets" used to store data in Amazon S3, which is part of Amazon Web Services.

HD Moore, chief security officer of Rapid7, alerted Amazon to the problem in January. The e-commerce giant then notified customers of the findings and has been "extremely responsive," Rapid7 said.

http://news.techeye.net/security/amazon-cloud-bursts