A security researcher has discovered three misconfigured AWS S3 buckets containing terabytes of data that were available for public access online. The database contains around 1.8 million social media posts and forum posts from the past 8 years, written by users across the globe.

Chris Vickery, the UpGuard security researcher who discovered the data, said that it belongs to the US military. The databases discovered were named CENTCOM-backup, CENTCOM-archive, and PACOM-archive.

Vickery said that he found the database during a routine scan of publicly available S3 buckets. He was scanning for the term COM, and when he refined his search, an archive named CENTCOM was shown. Initially, he believed the archive belonged to the Chinese multinational company Tencent, but he soon realized the archives belong to the US military.

CENTCOM refers to the US Central Command, which is responsible for US military operations from East Africa to Central Asia, including the Iraq and Afghan wars. PACOM is the US Pacific Command, which covers East, South, and Southeast Asia, as well as Australia and Pacific Oceania.

Vickery told The Register: "For the research, I downloaded 400GB of samples but there were many terabytes of data up there. It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate."

The documents scanned revealed that the database was collected as part of the US government's Outpost program, a social media monitoring campaign designed to target overseas youth to prevent them from joining terrorist groups. Along with an Outpost development configuration file, Vickery also found Apache Lucene keyword indexes, which were developed for Elasticsearch, an open source search engine. Vickery also discovered another file named Coral, which probably refers to the US military's Coral Reef data-mining program.

Vickery said he discovered the archives on 6th September 2017 and has informed the US military about them. All three buckets have now been locked down by the US military, which also thanked Vickery for bringing the issue to its attention.

Last week Amazon updated the AWS back panel to prevent this kind of misconfiguration in S3 servers. The company added visible warnings when S3 servers are exposed online.
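
The report does not say which setting left the three buckets readable. As an added example (not from the original article), the Python check below flags the two standard ways an S3 bucket becomes public: ACL grants to the predefined AllUsers or AuthenticatedUsers groups, and bucket-policy Allow statements with a wildcard principal. The sample documents, bucket name and owner ID are constructed; their shape follows what GetBucketAcl and GetBucketPolicy return.

```python
import json

# Predefined S3 grantee groups; a grant to either one makes the bucket public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}

def public_acl_findings(acl):
    """Return findings for ACL grants (GetBucketAcl shape) made to public groups."""
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS:
            findings.append(f"ACL grants {grant['Permission']} to {PUBLIC_GROUPS[uri]}")
    return findings

def _is_wildcard(principal):
    # Principal may be "*", {"AWS": "*"} or {"AWS": ["*", ...]}.
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def public_policy_findings(policy):
    """Return findings for Allow statements open to every principal.

    Simplification (assumption): statements carrying a Condition are not
    flagged here and still need manual review.
    """
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for st in statements:
        if st.get("Effect") == "Allow" and _is_wildcard(st.get("Principal")) and not st.get("Condition"):
            actions = st.get("Action", [])
            actions = [actions] if isinstance(actions, str) else actions
            findings.append(f"policy allows {', '.join(actions)} to every principal")
    return findings

# Constructed sample documents (bucket name and owner ID are placeholders).
SAMPLE_ACL = json.loads("""{"Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "READ"}]}""")
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket",
   "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}}}]}""")

if __name__ == "__main__":
    for finding in public_acl_findings(SAMPLE_ACL) + public_policy_findings(SAMPLE_POLICY):
        print(finding)
```

A grant to AuthenticatedUsers is as exposed as one to AllUsers, because that group covers every AWS account rather than only the bucket owner's.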