Nearly 20 Billion Files Exposed Due to Misconfigured Cloud Buckets
Severity: High (Score: 69.0)
Sources: Securityaffairs.Co, Feeds.Feedburner
Published: · Updated:
Keywords: files, billion, nearly, exposed, misconfigured, cloud, buckets
Summary
Researchers from Mysterium VPN reported that nearly 20 billion files have been exposed due to misconfigured cloud storage buckets across major providers like Amazon S3, Google Cloud, and Azure. The exposed files include 685,047 credential files and nearly 1 million database dumps, all accessible without authentication. The issue stems from user misconfigurations rather than vulnerabilities in the cloud platforms themselves. Amazon S3 accounts for over two-thirds of the exposed storage. The interconnectedness of these files increases the risk of complete data breaches from a single misconfigured bucket. Recommendations for mitigation include defaulting to private settings, avoiding the storage of sensitive data in object storage, and implementing regular vulnerability scans. Users are advised to use unique passwords and enable multi-factor authentication. The report emphasizes the urgent need for better security practices among cloud storage users. Key Points: • Nearly 20 billion files exposed due to misconfigured cloud storage buckets. • Exposed data includes 685K credential files and nearly 1M database dumps. • Amazon S3 accounts for over two-thirds of the exposed storage.
Detailed Analysis
**Impact** Approximately 19.6 billion files across 535,480 publicly accessible cloud storage buckets are exposed, affecting users of major cloud providers including Amazon S3, Google Cloud, Azure, DigitalOcean, and Alibaba. Over 685,000 credential and key files and nearly 1 million database dumps are at risk, potentially granting attackers direct access to live systems. The exposure impacts multiple sectors reliant on cloud storage globally, with Amazon S3 accounting for over two-thirds of the exposed data. This situation could lead to significant data breaches, operational disruptions, and loss of sensitive information. **Technical Details** The exposure results from widespread customer misconfigurations of cloud storage buckets, allowing unauthenticated public access without exploiting vulnerabilities or using malware. The files include sensitive types such as .env files, private keys, .sql, and .bak database dumps. No specific CVEs or malware tools are mentioned. The attack vector is misconfigured access controls on cloud storage, representing a failure in the initial access and reconnaissance stages of the kill chain. No IOCs are provided in the reports. **Recommended Response** Enforce default private settings on all cloud storage buckets and avoid storing secrets or sensitive data in object storage. Encrypt backups and implement regular automated scans to detect misconfigurations. For individuals, use unique passwords, enable multi-factor authentication, and limit data sharing with third-party services. Monitor cloud storage access logs for unauthorized or unusual access patterns. No patching or specific detection signatures are indicated.
Source articles (2)
- 19.6 Billion Files Are Sitting Open on the Internet. No Password Required — Securityaffairs.Co · 2026-05-28
19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they han… - Nearly 20 billion files exposed in misconfigured cloud buckets — Feeds.Feedburner · 2026-05-29
Nearly 20 billion files, including sensitive credential and database dump files, have been exposed due to misconfigured cloud storage buckets. Mysterium VPN researchers discovered that 535,480 publicl…
Timeline
- 2026-05-28 — Research findings published: Mysterium VPN disclosed that 19.6 billion files are exposed in misconfigured cloud buckets, highlighting the scale of the issue.
- 2026-05-29 — Security report released: A report from Security Affairs confirmed the exposure of nearly 20 billion files, detailing the types of sensitive data at risk.
Related entities
- Data Breach (Attack Type)
- CWE-200 - Exposure of Sensitive Information (Cwe)