AWS S3 bucket modified to allow public access
Description
AlphaSOC detected that an AWS S3 bucket has been modified to allow public access. Public access to S3 buckets can expose sensitive data to unauthorized users and potentially lead to data breaches.
Impact
Allowing public access to S3 buckets can have serious consequences for data security and privacy. It can also lead to increased costs, as AWS charges fees for retrieving data from S3 buckets. Depending on the policy, unauthorized individuals may be able to read, modify, or delete sensitive information stored in the bucket, which could lead to data leaks or the distribution of harmful content.
Severity
| Severity | Condition |
|---|---|
Low | AWS S3 bucket has been made public |
Medium | AWS S3 bucket accidentally modified to allow public access |
Medium | AWS S3 bucket modified to allow public access via suspicious statement |
Investigation and Remediation
Review the bucket's contents to assess potential data exposure. If public access wasn't granted intentionally, revoke it or use S3 Block Public Access feature.
Known False Positives
- Public access granted for legitimate file sharing purposes