Home > Security > Security News

Misconfigurations Across Seven Cloud Providers Expose 660K buckets, 200B Files, 110K Credentials and More

Published
Written by:
Vishwa Pandagle
Vishwa Pandagle
Cybersecurity Staff Editor

Researchers discovered over 200 billion exposed files spanning seven cloud providers left accessible to the public due to misconfigurations. Exposed cloud buckets are a treasure trove for threat actors, especially if the information includes login details, backups, and source codes.

Odin, an internet scanning platform by Cyble, also found over 660,000 exposed buckets and over 91 million exposed hosts in its scan, which uses a machine learning-based detection model. 

The exposed files contained several types of sensitive data. A search for credentials led to 110,000 results.

Screenshot of results showing env credentials returning 110,000 records
Screenshot of results showing env credentials returning 110,000 records | Source: Odin by Cyble

About 1.6 million files with confidential information were retrieved from the publicly accessible database. And 5.6 million files for the Go language were extracted from the 200 billion exposed files in cloud buckets.

The data type points to the threat hovering over the owners and users of the data. Cybercriminals thrive on data extracted from the exposed cloud bucket files.

Publicly accessible cloud storage buckets can be leveraged as an attack vector, gaining access to admin account credentials, increasing privileges, and bypassing security mechanisms put in place. 

Breaching or exploiting cloud infrastructure has allowed cybercriminals to gain asset visibility and contributed to over 23% of the data breaches in late 2024.

Cloud services fuel businesses globally; however, it calls for a robust security protocol and safeguards against human errors. 

“While cloud storage is typically private by default, it can quickly get complicated when you start sharing objects or resources,” Cyble noted. Conducting security audits and maintaining access control to cloud buckets is necessary to avoid leaving sensitive information exposed publicly.

To address the complexity involved in the auditing process arising from using both Identity and Access Management (IAM) and Access Control Lists (ACLs), businesses opt for assigning access controls on a ‘per-object’ basis. 

However, this approach is not foolproof, leaving them with another option of using managed folders. It further limits access to specific groups of objects in a bucket. 

Add a Comment
Related
The Cyber Attack on BSH Claimed by El Dorado Last Year Exposed Broadcom’s Employee Data
Army Soldier Took Photos of Undressing Children in His Home, Generated Porn and Used Encrypted Tools to Surf Child Porn
Vehicle Insurance Scams Targeting Colombians with Phishing Websites Urge Them to Pay for Activation
Coinbase CEO Responds with, “No, We are Not Going to Pay Your Ransom,” Offers $20M for Information on Hackers Instead
Oxford Life Insurance Company Confirms Hacker Accessed Financial Data this February
BlackDB Cybercrime Forum Admin Arrested in Kosovo to Remain in the U.S. for the Pending Trial
Most Popular
movies 2025
2025 Movie Release Dates: Calendar for Theatrical and Streaming Dates
TV shows February 2025
2025 TV Premiere Dates: New & Returning TV Series Calendar
Power Book III: Raising Kanan
Power Book III: Raising Kanan Season 4 Ending Explained – Is this the end for Raq?
The Cyber Attack on BSH Claimed by El Dorado Last Year Exposed Broadcom’s Employee Data
Doda Police Detain VPN Users Amid District-Wide Ban
VPN Users Detained in Doda After District-Wide Ban
Murderbot
Murderbot Episodes 1 & 2 Ending Explained: Trust Issues, Dead Survey Teams, and a Shady Corporation
2025 Movie Release Dates: Calendar for Theatrical and Streaming Dates
2025 TV Premiere Dates: New & Returning TV Series Calendar
Power Book III: Raising Kanan Season 4 Ending Explained – Is this the end for Raq?
The Cyber Attack on BSH Claimed by El Dorado Last Year Exposed Broadcom’s Employee Data
VPN Users Detained in Doda After District-Wide Ban
Murderbot Episodes 1 & 2 Ending Explained: Trust Issues, Dead Survey Teams, and a Shady Corporation

Most Popular
movies 2025
2025 Movie Release Dates: Calendar for Theatrical and Streaming Dates
TV shows February 2025
2025 TV Premiere Dates: New & Returning TV Series Calendar
Power Book III: Raising Kanan
Power Book III: Raising Kanan Season 4 Ending Explained – Is this the end for Raq?
The Cyber Attack on BSH Claimed by El Dorado Last Year Exposed Broadcom’s Employee Data
Doda Police Detain VPN Users Amid District-Wide Ban
VPN Users Detained in Doda After District-Wide Ban
Murderbot
Murderbot Episodes 1 & 2 Ending Explained: Trust Issues, Dead Survey Teams, and a Shady Corporation
2025 Movie Release Dates: Calendar for Theatrical and Streaming Dates
2025 TV Premiere Dates: New & Returning TV Series Calendar
Power Book III: Raising Kanan Season 4 Ending Explained – Is this the end for Raq?
The Cyber Attack on BSH Claimed by El Dorado Last Year Exposed Broadcom’s Employee Data
VPN Users Detained in Doda After District-Wide Ban
Murderbot Episodes 1 & 2 Ending Explained: Trust Issues, Dead Survey Teams, and a Shady Corporation

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: