Six percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents.

In a survey of 2,064 Google Cloud buckets by Comparitech, 131 of them were found to be vulnerable to unauthorized access by users who could list, download and/or upload files. Among the exposed data that the firm uncovered were 6,000 scanned documents that included passports, birth certificates and personal profiles from children in India. Another database belonging to a Russian web developer included email server credentials and the developer’s chat logs.

“Those buckets can contain confidential files, databases, source code and credentials, among other things,” wrote researcher Paul Bischoff at the firm, in a posting on Tuesday.

#breach #cloud security #most recent threatlists #privacy #amazon s3 #analysis #cloud buckets #cloud databases #comparitech #data breach #elasticsearch #google cloud #misconfiguration #paul bischoff #publicly available