Dive Brief:
- The Department of Defense (DOD) had three open Amazon Web Services S3 cloud storage buckets, which left 1.8 billion social media records exposed, UpGuard found in September. The records had been collected by the U.S. Central Command and U.S. Pacific Command.
- UpGuard, a security firm, was able to locate the open servers and data because a DOD contractor left them reachable to anyone that holds an AWS account. If decompressed, the files could be located through keyword and partial word searches in different languages.
- The compromised records were collected from 2009 to 2015 and "'scraped' from the public internet." The origin, nature and web addresses from the posted content accompanied the exposed information, according to UpGuard. It is unknown "how or why" the data was collected.
Dive Insight:
The DOD's mishap is just another drop in the open S3 bucket. The collection of the public's social media is not surprising to most. The use of third party vendors remain inevitable, but the negligent approach to storing it is cause for distress.
The report found that the data included common, everyday social media activity. Ultimately, comments on Facebook, YouTube and Twitter are public, but their collection is "used for measurement and engagement activities" for websites, according to Major Josh Jacques, spokesperson for U.S. Central Command, reports CNN.
The same is true for the private sector. This year saw World Wresting Entertainment compromise about three million fans in July because of two open servers. Verizon also experienced a data leak, impacting 14 million customers, after one of its S3 buckets was marked for external access.
The realization of the government monitoring the public's data and online activity brings to mind the case of Edward Snowden, but now it is a question of security practices. As the government continues to accumulate troves of data, the cloud is the only way to store and sort it. But privacy remains a sensitive issue, even for companies willing to surveil its employees for their "value."