PSA: Amazon Cloud Drive Data Leaks (Ongoing!)

in #security, 8 years ago (edited)

Hello friends,
Just a quick post to alert you all to an ongoing, publicly disclosed issue affecting Amazon's Cloud Drive that could allow other people to access the files you have stored there.


The issue was first highlighted 28 days ago by a GitHub user named thibrex, in the following GitHub Issue (Archive.is Mirror). thibrex had deleted his "node.db" file and resynced in order to fix a database corruption issue in his Amazon Cloud Drive client, and suddenly found himself viewing another user's files.

Amazon Support were notified, and ignored the issue. They have since been notified by a number of users, and claim that it is not a problem on their end. As of posting, the issue remains unfixed.

Other users have been able to reproduce this issue and access files belonging to other people. Currently, the person whose files you gain access to appears to be completely random. What seems to be happening here is that when you resync after deleting your node database, you end up with someone else's access token, seemingly at random, and with that, access to all of their files. (Access meaning: you can read them, download them, modify them, or delete them... Imagine if someone replaced your family photos with hardcore pornography? Or downloaded your financial information?)

If you are an Amazon Cloud Drive user, my advice to you is quite simple. Take your shit elsewhere, and tell Amazon that their lack of regard for your data's security is the reason why you are doing so.

Image Credit: bgr.com


:O thank you friend xxxxxx