Researchers recently discovered hundreds of databases on Amazon Relational Database Service (Amazon RDS) that are exposing personally identifiable information (PII). Amazon RDS is the web service that makes it possible to set up relational databases in the Amazon Web Services (AWS) cloud, and it supports several database engines, including MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server.
This newest discovery comes from the cloud incident response company Mitiga, which stated that the exposed PII includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and company logins.
The issue stems from a feature called RDS snapshots, which is used to create backups of the entire database environment; a snapshot that is shared publicly can be accessed by any AWS account. Between September 21, 2022, and October 20, 2022, Mitiga discovered 810 snapshots that were publicly shared for a period of time, making them ripe for abuse by malicious threat actors.
“Of the 810 snapshots, over 250 of the backups were exposed for 30 days, suggesting that they were likely forgotten” (The Hacker News, 2022).
With PII included in these snapshots, threat actors could use the data for identity theft, social engineering, and targeted phishing attacks. Victims can also be extorted for ransom under the threat of leaking the data on public forums that anyone with an internet connection can access. When sharing a snapshot as public, Amazon recommends that no private information be included in the snapshot. Because a public snapshot is accessible to all AWS accounts, threat actors can copy it and create DB instances from it, making it easy for attackers to steal any data it contains.
“It's highly recommended that RDS snapshots are not publicly accessible in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. It's also advised to encrypt snapshots where applicable” (The Hacker News, 2022).
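The following is an added audit example, not Mitiga's tooling or code from the article: it flags manual RDS snapshots whose `restore` attribute contains `all` (the marker AWS uses for a publicly shared snapshot) or that are unencrypted, using the response shapes of the boto3 `describe_db_snapshots` and `describe_db_snapshot_attributes` calls. The sample snapshot data is constructed, and the `audit_account` function assumes boto3 and valid AWS credentials.

```python
from typing import Callable, Dict, List


def is_public(attr_result: dict) -> bool:
    """True when the snapshot's 'restore' attribute contains 'all',
    which is how RDS marks a snapshot as shared with every AWS account."""
    for attr in attr_result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore" and "all" in attr.get("AttributeValues", []):
            return True
    return False


def audit_snapshots(snapshots: List[dict], lookup: Callable[[str], dict]) -> List[Dict[str, object]]:
    """Flag snapshots that are public or unencrypted.
    snapshots: DBSnapshot dicts (shape of describe_db_snapshots output).
    lookup: returns the DBSnapshotAttributesResult dict for a snapshot id."""
    findings = []
    for snap in snapshots:
        sid = snap["DBSnapshotIdentifier"]
        public = is_public(lookup(sid))
        encrypted = bool(snap.get("Encrypted", False))
        if public or not encrypted:
            findings.append({"id": sid, "public": public, "encrypted": encrypted})
    return findings


def audit_account(region: str = "us-east-1", remediate: bool = False) -> List[Dict[str, object]]:
    """Run the audit against a real account (assumes boto3 and AWS credentials).
    With remediate=True the 'all' value is removed from each public snapshot."""
    import boto3  # imported here so the pure functions above run without it
    rds = boto3.client("rds", region_name=region)
    snaps = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        snaps.extend(page["DBSnapshots"])
    lookup = lambda sid: rds.describe_db_snapshot_attributes(
        DBSnapshotIdentifier=sid)["DBSnapshotAttributesResult"]
    findings = audit_snapshots(snaps, lookup)
    if remediate:
        for f in findings:
            if f["public"]:
                rds.modify_db_snapshot_attribute(DBSnapshotIdentifier=f["id"],
                                                 AttributeName="restore", ValuesToRemove=["all"])
    return findings


# Constructed sample data standing in for API responses (not real snapshots).
SAMPLE_SNAPSHOTS = [
    {"DBSnapshotIdentifier": "prod-customers-2022-10-01", "Encrypted": False},
    {"DBSnapshotIdentifier": "staging-2022-10-05", "Encrypted": True},
]
SAMPLE_ATTRS = {
    "prod-customers-2022-10-01": {"DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]},
    "staging-2022-10-05": {"DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["123456789012"]}]},
}

if __name__ == "__main__":
    for finding in audit_snapshots(SAMPLE_SNAPSHOTS, SAMPLE_ATTRS.__getitem__):
        print(finding)
```

Running `audit_account(remediate=True)` on a real account both reports and un-shares public snapshots; run it without `remediate` first to review the findings.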