Group releases search tool for Amazon S3 buckets

The tool, Buckhacker, gets its name from the fact that AWS Simple Storage Servers (S3) are known as buckets.

In case you missed it, for the very first time there's now a Google for Amazon S3 buckets - a full search engine called Buckhacker. This is page 400 of results for *.sql in S3. This is a game changer. https://t.co/iegLYhw8n1 pic.twitter.com/VT0PbKg9vF

— Kevin Beaumont (@GossiTheDog) February 14, 2018

It will make searches for data leaks much easier than in the past.

Buckhacker released an alpha version of the search engine on Wednesday which was noticed by UK security researcher Kevin Beaumont.

{loadposition sam08}He tweeted: "In case you missed it, for the very first time there's now a Google for Amazon S3 buckets - a full search engine called Buckhacker. This is page 400 of results for *.sql in S3. This is a game changer."

In the meanwhile #buckhacker is still down give a read to this article about using the buckhacker data for a different scope #subdomaintakeovers https://t.co/UAeQGdSsNk

— BuckHacker (@thebuckhacker) February 14, 2018

The search engine has now been taken offline, with the people behind Buckhacker saying on Twitter: "Sorry guys, we are going offline for maintenance. We went online with the alpha version too early."

Apparently, there were some cache issues in the alpha release, according to the Buckhacker Twitter feed.

Plenty of sensitive data has been found lying unsecured in S3 buckets, with the security firm UpGuard finding such stashes quite often.

UpGuard releases details of its finds on the Web regularly. It has found misconfigured S3 buckets leaking data from Paris-based brand marketing company Octoly, California data analytics firm Alteryx, credit repair service National Credit Federation, the NSA, the Pentagon, global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, and a contractor for the US National Republican Committee.