Photo and video leak through misconfigured S3 buckets
Typically, for photos and other assets, some sort of Access Control List (ACL) is in place. For assets such as profile photos, a common way of implementing an ACL would be:
One of the keys would act as a “password” to access the file, and that password would be given only to users who need access to the image. In the case of a dating app, that is whoever the profile is presented to.
I have identified several misconfigured S3 buckets on The League during the research. All images and videos are inadvertently made public, with metadata such as which user uploaded them and when. Usually the application would get the pictures through CloudFront, a CDN on top of the S3 buckets. […]