Amazon Web Services(AWS) Secret Keys exposed on GitHub

Indrajeet Bhuyan March 28, 2014

Amazon Web Services(AWS) recently is informing developers to see for what they publish or share on GitHub, solely because the “secret keys that AWS provide are openly shown on GitHub Search, it’s not a Hack or a security Vulnerability but carelessness of the developer.  Before we get into details, I would like post a wiki description of GitHub and AWS.

Amazon Web Services is a collection of remote computing services that together make up a cloud computing platform, offered over the Internet by Amazon.com. The most central and well-known of these services are Amazon EC2 and Amazon S3.- Wikipedia

GitHub is a web-based hosting service for software development projects that use the Git revision control system, Where Developers Share there Codes and Help Themselves and Others.

 

What are The “secret keys” ?

“You can basically think of them as a username and password – they provide authentication to AWS services,Anyone who has access to those keys has access to that particular AWS account. From a security perspective it means they can basically go in and gain access to any of the files that are stored in the AWS account.” said Ty Miller, founder of penetration testing firm Threat Intelligence.
Now That’s a Huge Unknown Mistaken Threat to the Developers! Their Whole Database can be destroyed and the company reputation and the developer’s status and what not! So before it’s too late, Check your credentials on GitHub if you work with the AWS System, Moreover AWS already informed most of the developers about the issue. 
 
one example that fits good here is this one,

Several bloggers have admitted getting a shock after recieving a large bills for bandwidth usage they didn’t initiate. For example, Luke Chadwick was hit with a US$3493 (A$3842) bill in December, because of unauthorised activity. To his relief, this was later refunded by AWS.

 

If you have any queries, don’t hesitate to post it in the comments section. 
 
 
Tweet Share Reddit

About The Author

Indrajeet Bhuyan

Hii ! My name is Indrajeet Bhuyan. I'm a security sngineer and a blogger. Here in this blog I help people get started with blogging and personal finance. Also I talk a lot about cryptocurrency.

Related Posts