HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

19.6 Billion Files Exposed in Misconfigured Cloud Buckets Across Major Providers

A Mysterium VPN study found 19.6 billion files openly accessible across 535 k cloud storage buckets on AWS, Google Cloud, Azure, DigitalOcean and Alibaba. The exposure includes 685 k credential files and nearly 1 million database dumps, creating a massive third‑party risk for any organization that relies on these services.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 securityaffairs.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
6 sector(s)
Actions
4 recommended
📰
Source
securityaffairs.com

19.6 Billion Files Exposed in Misconfigured Cloud Buckets Across Major Providers

What Happened – Researchers at Mysterium VPN scanned 535,480 publicly listable cloud storage buckets on Amazon S3, Google Cloud, Azure, DigitalOcean and Alibaba and identified roughly 19.6 billion files that could be accessed without authentication. Among them were 685 k credential files (e.g., .env, private keys, password‑vault databases) and nearly 1 million database dumps (.sql, .bak). No exploitation was required – a simple web request revealed the data.

Why It Matters for TPRM

  • Mis‑configured storage is a systemic third‑party risk that can affect any organization using cloud buckets.
  • Exposure of credentials and full database exports provides attackers with “master keys” to compromise downstream systems.
  • The sheer volume (billions of files) indicates that many vendors lack adequate governance, monitoring, and configuration‑as‑code controls.

Who Is Affected – SaaS providers, fintech platforms, health‑tech/EHR vendors, retail e‑commerce sites, government agencies, and virtually any business that stores data in public cloud buckets.

Recommended Actions

  • Conduct an inventory of all third‑party cloud buckets used by your vendors and verify that they are not publicly listable.
  • Enforce bucket‑level access controls (IAM policies, bucket policies, ACLs) and enable server‑side encryption.
  • Deploy automated misconfiguration scanning tools (e.g., CSPM) and integrate findings into your vendor risk program.
  • Require vendors to provide evidence of regular cloud‑security posture assessments and remediation processes.

Technical Notes – Attack vector: MISCONFIGURATION of cloud storage buckets. No CVE is involved; the issue stems from missing or overly permissive IAM policies. Exposed data types include credential files (.env, .kdbx, private keys), database dumps (.sql, .bak), and a wide range of business documents (invoices, passports, KYC files). Source: SecurityAffairs – 19.6 Billion Files Are Sitting Open on the Internet. No Password Required

📰 Original Source
https://securityaffairs.com/192787/security/19-6-billion-files-are-sitting-open-on-the-internet-no-password-required.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →