A sweeping scan of publicly accessible cloud storage has revealed a staggering 19.6 billion files sitting on the internet with no authentication required — among them hundreds of thousands of credential files and nearly a million database dumps that represent a direct, exploitable risk to organisations and individuals alike.
The Scale of Exposure
According to a report by Security Affairs, researchers at Mysterium VPN scanned 535,480 publicly listable cloud storage instances — including services such as Amazon S3 — and found more than 19.6 billion files openly accessible without any password or access control. The findings point to a widespread and persistent failure in basic cloud hygiene across industries.
The most alarming categories of exposed data include approximately 685,000 credential files — repositories of usernames, passwords, API keys, and authentication tokens — alongside nearly one million database dumps containing structured records that could include personal data, financial information, or business-critical content.
A Critical and Active Risk
What makes this discovery particularly dangerous is not merely the volume of exposed data, but its nature. Credential files and database dumps are not benign artifacts; they are exactly the materials attackers seek when planning intrusion campaigns, credential-stuffing attacks, or lateral movement through corporate networks.
An exposed credential file can provide immediate access to internal systems. An unprotected database dump can supply the raw material for identity theft, fraud, or targeted phishing. Together, they represent an active attack surface that does not require sophisticated exploitation — only discovery.
That these files remain publicly listable without so much as a password gate underscores a fundamental gap in how organisations configure and audit their cloud infrastructure.
Source Context
The research was conducted by Mysterium VPN, a company that provides encrypted networking and VPN services. The methodology — scanning publicly accessible storage endpoints and categorising the content found — is a well-established approach used by security researchers across the industry, and the findings align with other large-scale audits of cloud misconfigurations conducted in recent years.
What IT Teams Should Do Now
For IT administrators and security operations teams, the report serves as a pointed reminder that cloud storage configuration is not a set-and-forget task. Key actions include:
- Audit all cloud storage buckets and containers for public accessibility, removing anonymous read access where not explicitly required.
- Scan for exposed credential files and secrets across all object storage repositories, and rotate any credentials found to have been publicly accessible.
- Review database backup policies, ensuring that database dumps are encrypted at rest and never stored in publicly readable locations.
- Implement continuous monitoring for misconfigurations using cloud-native tools or third-party posture management platforms.
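As an added illustration of the first two checklist items (this is not code from the report, Mysterium VPN, or Security Affairs), the following Python script audits an S3-style bucket offline: it reads the bucket policy, ACL and Public Access Block settings for anonymous read or list grants, and flags object keys that look like credential files or database dumps. The bucket names, policy documents and object keys are constructed sample data; the key-matching patterns are the author's own heuristics, not a standard.

```python
"""Offline audit of S3-style bucket exposure (added example, constructed inputs).

Checks three things from the checklist above without cloud credentials:
  1. does the bucket policy or ACL grant anonymous read/list access?
  2. does a Public Access Block configuration neutralise those grants?
  3. which object keys look like credential files or database dumps?
"""
import re

# ACL grantee URIs meaning "everyone" / "anyone with any AWS account".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Policy actions that let an anonymous caller list or download objects.
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:Get*", "s3:List*", "s3:*", "*"}
# Heuristic key patterns for the two categories the report singles out (constructed).
SENSITIVE_KEY_PATTERNS = [
    ("credential file", re.compile(
        r"(^|/)(\.env(\..*)?|credentials|.*secrets?\.(json|ya?ml|txt)|.*\.pem|id_rsa|.*_rsa)$", re.I)),
    ("database dump", re.compile(r".*\.(sql|dump|bak|sql\.gz|sqlite|dmp)$", re.I)),
]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def policy_public_actions(policy):
    """Read/list actions a bucket policy grants to anonymous principals.

    Returns (unconditional, conditional). Statements carrying a Condition block
    (e.g. an aws:SourceVpce restriction) are reported separately because they may
    or may not be reachable from the open internet and need manual review.
    """
    unconditional, conditional = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        granted = {a for a in _as_list(stmt.get("Action", [])) if a in READ_ACTIONS}
        (conditional if stmt.get("Condition") else unconditional).update(granted)
    return unconditional, conditional


def acl_public_permissions(acl):
    """Permissions (READ, FULL_CONTROL, ...) the ACL grants to public groups."""
    return {
        grant.get("Permission")
        for grant in acl.get("Grants", [])
        if grant.get("Grantee", {}).get("Type") == "Group"
        and grant.get("Grantee", {}).get("URI") in PUBLIC_GRANTEE_URIS
    }


def classify_keys(keys):
    """Map each object key matching a sensitive pattern to its category."""
    findings = {}
    for key in keys:
        for label, pattern in SENSITIVE_KEY_PATTERNS:
            if pattern.search(key):
                findings[key] = label
                break
    return findings


def audit_bucket(bucket):
    """Combine policy, ACL, Public Access Block and the key listing into one verdict."""
    pab = bucket.get("PublicAccessBlock", {})
    policy_public, policy_conditional = policy_public_actions(bucket.get("Policy", {}))
    acl_public = acl_public_permissions(bucket.get("Acl", {}))
    # IgnorePublicAcls makes public ACL grants ineffective; RestrictPublicBuckets
    # stops a public bucket policy from granting anonymous or cross-account access.
    effective_policy = set() if pab.get("RestrictPublicBuckets") else policy_public
    effective_acl = set() if pab.get("IgnorePublicAcls") else acl_public
    return {
        "name": bucket["Name"],
        "public_via_policy": sorted(effective_policy),
        "public_via_acl": sorted(effective_acl),
        "needs_review": sorted(policy_conditional),
        "publicly_readable": bool(effective_policy or effective_acl),
        "sensitive_objects": classify_keys(bucket.get("Keys", [])),
    }


# Constructed sample buckets (hypothetical names, not real endpoints).
SAMPLE_BUCKETS = [
    {   # misconfigured: anonymous GetObject/ListBucket, no Public Access Block
        "Name": "example-open-backups",
        "Policy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-open-backups",
                         "arn:aws:s3:::example-open-backups/*"]}]},
        "Acl": {"Grants": []},
        "PublicAccessBlock": {},
        "Keys": ["backups/prod-2024-01.sql", "config/.env", "static/logo.png"],
    },
    {   # public ACL grant present, but neutralised by IgnorePublicAcls
        "Name": "example-guarded",
        "Policy": {"Version": "2012-10-17", "Statement": []},
        "Acl": {"Grants": [{"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                 "Permission": "READ"}]},
        "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                              "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
        "Keys": ["exports/customers.sql.gz", "deploy/id_rsa"],
    },
]


def audit_all(buckets=SAMPLE_BUCKETS):
    return [audit_bucket(b) for b in buckets]


if __name__ == "__main__":
    for report in audit_all():
        status = "PUBLIC" if report["publicly_readable"] else "not public"
        print(f"{report['name']}: {status}; sensitive objects: {report['sensitive_objects']}")
```

In a live audit the three input documents would come from the provider's GetBucketPolicy, GetBucketAcl, GetPublicAccessBlock and ListObjectsV2 calls (or their equivalents on other object stores); the point of keeping the evaluation separate from the fetch is that the same logic can be run over exported configuration in a pipeline, and that a bucket flagged as publicly readable with sensitive objects is exactly the case where the second checklist item, rotating the exposed credentials, applies.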
The comfortable assumption that data entrusted to cloud providers is inherently protected does not hold up against the evidence. With nearly 20 billion files exposed and hundreds of thousands of credential files among them, the window for exploitation is wide open — and the responsibility to close it rests squarely with the teams managing these environments.