It was recently announced that the Tea Party PAC (or the Tea Party Patriots Citizen Fund (TPPCF)) publicly exposed around half a million US voters' data through its Amazon S3 bucket. Read more about it here.
S3 Bucket Primer
AWS S3 is a very popular cloud-based file / object storage service. Operating since March 2006, this service (along with AWS EC2) is a key contributor to the public cloud computing revolution. However, the number of supported use cases and years of product evolution have made it challenging to understand, configure and properly assess data exposure in S3 buckets. Check out this blog to learn how to manage permissions and ACLs to protect data in S3 buckets.
Another key aspect of data security is protecting data in flight. Best practice dictates that all data in the cloud be encrypted both at rest and in flight, when data is read from or written to a bucket. This can be done easily using Secure Sockets Layer/Transport Layer Security (SSL/TLS). Read more about how encrypting data in flight to S3 buckets can help protect against man-in-the-middle and sniffing attacks.
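Enabling TLS on the client is only half of the job: a bucket that still accepts plain-HTTP requests leaves the choice to whoever makes the request. The following is an added example, not code from the original post or from Dome9, showing the weak and the corrected bucket policy side by side and a small checker that tells them apart. The condition key aws:SecureTransport is a real AWS policy condition; the bucket name, account ID, role name and statement IDs are constructed placeholders.

```python
import json

# Constructed bucket name (placeholder, not from the original post).
BUCKET = "example-app-bucket"

# Weak setting: read access is granted, but nothing requires HTTPS, so S3
# will also serve these objects over plaintext HTTP.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAppRead",
            "Effect": "Allow",
            # Constructed account ID and role name.
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/AppRole"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        }
    ],
}


def _statements(policy: dict) -> list:
    """Normalise 'Statement', which AWS allows to be a single object or a list."""
    stmts = policy.get("Statement", [])
    return [stmts] if isinstance(stmts, dict) else list(stmts)


def requires_tls(policy: dict) -> bool:
    """True if the policy denies every request made without TLS.

    The idiom AWS documents for this is a Deny statement whose condition is
    Bool aws:SecureTransport == "false"; that is what we look for.
    """
    for stmt in _statements(policy):
        if stmt.get("Effect") != "Deny":
            continue
        cond = stmt.get("Condition", {}).get("Bool", {})
        value = cond.get("aws:SecureTransport")
        # Condition values may be a scalar or a list of strings.
        values = value if isinstance(value, list) else [value]
        if any(str(v).lower() == "false" for v in values if v is not None):
            return True
    return False


def enforce_tls_statement(bucket: str) -> dict:
    """Deny statement that rejects any request not made over HTTPS."""
    return {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        # Both the bucket itself and its objects, so listing is covered too.
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }


def harden_policy(policy: dict, bucket: str) -> dict:
    """Return a copy of the policy with the TLS-only deny appended (if missing).

    The input is left untouched so the weak and hardened versions can be
    compared; the result is what you would upload with PutBucketPolicy.
    """
    hardened = json.loads(json.dumps(policy))  # deep copy via JSON round trip
    hardened["Statement"] = _statements(hardened)
    if not requires_tls(hardened):
        hardened["Statement"].append(enforce_tls_statement(bucket))
    return hardened


if __name__ == "__main__":
    print("weak policy enforces TLS:", requires_tls(WEAK_POLICY))
    fixed = harden_policy(WEAK_POLICY, BUCKET)
    print("hardened policy enforces TLS:", requires_tls(fixed))
    print(json.dumps(fixed, indent=2))
```

Because an explicit Deny always wins over any Allow in IAM evaluation, the appended statement closes the plaintext path without having to rewrite the existing Allow statements, which is why it is safe to bolt onto an arbitrary policy.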
What You Can Do to Stay Protected
1. Detect Leaky S3 Buckets
The Dome9 Compliance Engine is an automation framework that allows admins to monitor the security and compliance of their cloud environments on an ongoing basis.
Using Dome9 Compliance Engine, you can easily set up a continuous compliance policy to periodically check your AWS environment and flag any exposed S3 buckets, all within a quick 15-minute onboarding setup. If you’re interested, we have a 14-day free trial.
Below is the GSL rule that you can use to detect exposed buckets:
S3Bucket should not have ( acl.grants contain [uri like 'http://acs.amazonaws.com/groups/global/%'] or policy.Statement contain [Effect='Allow' and (Principal='*' or Principal.AWS='*')])
For further guidance, feel free to check out our open source Cloud Security Posture Repository (CSPR) of comprehensive security controls and compliance checks for your cloud environments.
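To make the GSL rule above concrete, here is the same check written out in Python as an added example (it is not Dome9 code and does not use the Compliance Engine). It evaluates the two conditions the rule names, an ACL grant to one of the global groups or an Allow statement whose principal is a wildcard, over bucket ACLs and policies laid out in the shape the S3 GetBucketAcl and GetBucketPolicy APIs return. The bucket names, account ID and role ARN in the sample data are constructed.

```python
# Both AWS predefined public groups (AllUsers, AuthenticatedUsers) live under this
# prefix, which is why the GSL rule matches it with a trailing wildcard.
PUBLIC_GROUP_PREFIX = "http://acs.amazonaws.com/groups/global/"


def has_public_acl_grant(acl: dict) -> bool:
    """acl.grants contain [uri like 'http://acs.amazonaws.com/groups/global/%']"""
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri.startswith(PUBLIC_GROUP_PREFIX):
            return True
    return False


def principal_is_wildcard(principal) -> bool:
    """Principal='*' or Principal.AWS='*' (AWS may also be a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def has_public_policy_statement(policy: dict) -> bool:
    """policy.Statement contain [Effect='Allow' and (Principal='*' or Principal.AWS='*')]"""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement object is legal JSON for AWS
        stmts = [stmts]
    return any(
        s.get("Effect") == "Allow" and principal_is_wildcard(s.get("Principal"))
        for s in stmts
    )


def is_exposed(bucket: dict) -> bool:
    """The full rule: either condition makes the bucket non-compliant."""
    return has_public_acl_grant(bucket.get("Acl", {})) or has_public_policy_statement(
        bucket.get("Policy", {})
    )


def find_exposed(buckets: dict) -> list:
    """Return the sorted names of buckets that violate the rule."""
    return sorted(name for name, cfg in buckets.items() if is_exposed(cfg))


# Constructed sample inventory; the owner ID and ARNs are placeholders.
OWNER = {"ID": "constructed-owner-canonical-id"}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"}

SAMPLE_BUCKETS = {
    # Exposed via ACL: READ granted to the AllUsers group.
    "public-acl-bucket": {
        "Acl": {"Owner": OWNER, "Grants": [
            OWNER_GRANT,
            {"Grantee": {"Type": "Group", "URI": PUBLIC_GROUP_PREFIX + "AllUsers"},
             "Permission": "READ"},
        ]},
        "Policy": {},
    },
    # Exposed via policy: anyone may GetObject.
    "public-policy-bucket": {
        "Acl": {"Owner": OWNER, "Grants": [OWNER_GRANT]},
        "Policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::public-policy-bucket/*"},
        ]},
    },
    # Compliant: access only to a specific role.
    "private-bucket": {
        "Acl": {"Owner": OWNER, "Grants": [OWNER_GRANT]},
        "Policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/AppRole"},
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::private-bucket/*"},
        ]},
    },
    # Compliant: a wildcard principal on a Deny is not an exposure (the rule only
    # flags Allow), so a TLS-enforcing deny does not trip it.
    "deny-only-bucket": {
        "Acl": {"Owner": OWNER, "Grants": [OWNER_GRANT]},
        "Policy": {"Version": "2012-10-17", "Statement": {
            "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}},
    },
}

if __name__ == "__main__":
    for name in find_exposed(SAMPLE_BUCKETS):
        print("EXPOSED:", name)
```

To run it against a real account, feed `find_exposed` a mapping built from the GetBucketAcl response and the JSON-decoded GetBucketPolicy document for each bucket; the evaluation logic itself needs no AWS credentials, which is what makes it easy to unit-test policies before they are deployed.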
2. Automatically Remediate Publicly Exposed S3 Buckets
Event-driven automation allows customers to implement automatic remediation of critical workflows as a best practice. Dome9’s CloudBots are a set of plug-and-play bots that can automatically take user-defined remediation actions to fix critical threats. Check out this blog to learn more about how to automatically remediate publicly exposed S3 buckets.
To learn more about the Dome9 Compliance Engine, or to try the platform for free, get started now.