Contractors, governments, and telecom giants have all previously left data on exposed Amazon Web Services (AWS) servers, meaning anyone can access them without a username or password. Now, a search engine makes combing through leaky AWS datasets that much easier. Think of it as a barebones Google, but for info that the owners may have mistakenly published to the world.
"The purpose of the project is to increase the awareness on bucket security, too many companies was [sic] hit for having wrong permissions on buckets in the last years," one of the anonymous developers of the service, called BuckHacker, told Motherboard in an email.
The search engine is specifically focused on Amazon's Simple Storage Service (S3), and S3 servers known as buckets. Users can search either by bucket name—which may typically include the name of the company or organization using the server—or by filename. The service is basic, but largely functional: the developer explained it collects bucket names, grabs the bucket's index page, parses the results and stores it in a database for others to search.