
An API Worm in the Making: Thousands of Secrets Found in Open S3 Buckets - samizdis
https://trufflesecurity.com/blog/an-s3-bucket-worm-in-the-making-thousands-of-secrets-found-in-open-s3-buckets
======
samizdis
Also, news article based on this at:

https://www.theregister.com/2020/08/03/leaky_s3_buckets/

> "...automated search tools were able to stumble across some 4,000 open
> Amazon S3 buckets ..."

> "In some cases, more than 10 secrets were found in a single file. These
> included SQL Server passwords, Coinbase API keys, MongoDB credentials, and
> logins for other AWS buckets that actually were configured to ask for a
> password."

> "... the Truffle crew believes that the real danger is that the exposed
> 'secrets' would have a cascading effect where an attacker could use the
> exposed keys and credentials to get into other, more secure accounts and
> services."

