Tag

Cloud Misconfiguration

Examines how cloud misconfigurations lead to data breaches, unauthorized access, and compliance failures. Posts detail common mistakes such as open storage buckets, excessive permissions, and poor network controls, along with detection methods and remediation steps.

posts

Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong in 2026

A Single Checkbox Left 540 Million Facebook Records Exposed Back in 2019, researchers at UpGuard discovered that two third-party Facebook app developers had stored more than 540 million user records on Amazon S3 buckets with no access restrictions. Not encrypted. Not firewalled. Just sitting there, publicly readable, because someone didn&

Carl B. Johnson Jul 09, 2026 6 min read
Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong First

Capital One Lost 100 Million Records — The Cloud Wasn't the Problem In 2019, a former AWS employee exploited a misconfigured web application firewall and exfiltrated over 100 million Capital One customer records. The cloud infrastructure worked exactly as designed. The humans configuring it didn't. That breach

Carl B. Johnson Jun 27, 2026 5 min read
Cloud Computing Security

Cloud Computing Security: What Goes Wrong in 2025

In January 2025, the Verizon Data Breach Investigations Report team was already tracking a sharp rise in cloud-specific intrusions — a trend that accelerated throughout the year. By mid-2025, roughly 45% of all breaches involved cloud assets, up significantly from prior years. If your organization moved to the cloud and assumed

Carl B. Johnson Sep 27, 2025 7 min read
Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong in 2025

The Breach That Started With a Single Misconfigured S3 Bucket In 2023, Toyota disclosed that the vehicle data of 2.15 million customers had been publicly accessible for over a decade — because a cloud database was set to public instead of private. No sophisticated threat actor. No zero-day exploit. Just

Carl B. Johnson Sep 27, 2025 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In 2021, a researcher discovered that a misconfigured cloud storage bucket belonging to data analytics firm Cognyte had exposed more than five billion records. Capital One's infamous 2019 breach — a misconfigured web application firewall in AWS — cost them over

Carl B. Johnson Apr 22, 2025 7 min read
Cloud Storage Security Risks

Cloud Storage Security Risks: What's Actually Exposing You

The Misconfigured Bucket That Exposed 540 Million Records In 2019, researchers at UpGuard discovered that Facebook user data — over 540 million records — sat exposed on misconfigured Amazon S3 buckets maintained by third-party app developers. Nobody hacked anything. Nobody exploited a zero-day. The data was simply left open to the public

Carl B. Johnson Apr 22, 2025 8 min read
Cloud Computing Security

Cloud Computing Security: 7 Mistakes That Cause Breaches

In January 2024, Microsoft disclosed that a Russian threat actor group known as Midnight Blizzard had breached its corporate email systems — not through some exotic zero-day exploit, but through a password spray attack on a legacy test account that lacked multi-factor authentication. If Microsoft, a company that literally sells cloud

Carl B. Johnson May 13, 2024 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In early 2023, independent security researchers discovered yet another wave of publicly exposed Amazon S3 buckets leaking sensitive customer data — healthcare records, financial documents, personally identifiable information. None of these organizations were hacked in the traditional sense. They simply got their

Carl B. Johnson Nov 03, 2023 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical Field Guide

The $65 Million Misconfiguration Nobody Saw Coming In March 2023, Toyota disclosed that a cloud misconfiguration had exposed vehicle data on 2.15 million customers for over a decade. A single cloud storage bucket, left publicly accessible, quietly leaked data from 2012 to 2023. Nobody noticed for ten years. That&

Carl B. Johnson Nov 03, 2023 7 min read