GCP BigQuery dataset made public
Description
AlphaSOC detected that a Google BigQuery dataset was made publicly accessible. This occurs when "allUsers" or "allAuthenticatedUsers" is added to the dataset's IAM bindings, allowing anyone on the internet or any authenticated Google user to access the data. This may indicate a misconfiguration or an intentional attempt to expose sensitive data.
Impact
Public BigQuery datasets can expose sensitive business data, personally identifiable information (PII), or other confidential information to unauthorized parties. Attackers may exploit this exposure to steal data, gain competitive intelligence, or use the information for further attacks. Data exposure incidents can result in regulatory penalties and reputational damage.
Severity
| Severity | Condition |
|---|---|
Medium | BigQuery dataset made publicly accessible |
Investigation and Remediation
Review the IAM policy changes to identify who made the dataset public and whether it was intentional. Examine the dataset contents to assess the sensitivity of potentially exposed data. Remove public access immediately if unauthorized. Audit access logs to determine if the data was accessed while public. Consider enabling organization policies to prevent public dataset creation.
Known False Positives
- Intentionally shared public datasets for research or open data initiatives
- Development or testing datasets with non-sensitive data