Exposing customer (or employee) data to the world is pretty bad, and requires much mitigation. Maybe you have to buy credit monitoring services for the compromised users. Maybe you have to financially compensate them. But what happens when you leak the keys to the kingdom? UpGuard found a scary trove of data on some unsecured S3 buckets belonging to Viacom. Not only did they find “credentials needed to build and maintain Viacom servers across the media empire’s many subsidiaries and dozens of brands,” they found Viacom’s secret cloud keys, and even data that pointed them to a Puppet master server which was left exposed to the public Internet. Somebody spent a long time regenerating passwords and keys.
You can find more detail at UpGuard.
Be secure out there!
— PF