Search tool accesses firms' documents in the cloud

A website created by anonymous hackers has been launched that allows anyone to search for sensitive data stored in the cloud.

Buckhacker is a tool that trawls servers at Amazon Web Services (AWS), a popular cloud computing platform.

AWS provides data storage to private firms, governments and universities, among others.

Exposed data has been found on it before, but Buckhacker makes searching for it much easier.

The name comes from the fact that AWS Simple Storage Servers (S3) are known as “buckets” – this is the part of AWS that Buckhacker accesses.

The BBC alerted Amazon to Buckhacker shortly after it went live, but the firm has yet to issue a statement on the matter.

Offline ‘for maintenance’

On Wednesday afternoon, Buckhacker went offline “for maintenance”, though it had previously been working allowing a number of cyber-security experts to explore it.

“We went online with the alpha version [too] early,” said a Twitter account associated with the Buckhacker site.

Security expert Kevin Beaumont told the BBC: “It’s a goldmine of stuff which shouldn’t be public.”

He pointed to one example that appeared to be of encryption keys for a cloud customer at a different cloud computing service.

“S3 buckets have been a problem for years,” added Mr Beaumont.

“The search engine is the first easy to access ways of looking inside them… companies are losing control of their data in the cloud.”