
As of late 2024, the public cloud is the technology of choice for organizations looking to build new applications and workflows. This continuous migration to the cloud brings with it a natural influx of data that is processed, stored, and transmitted by these applications. Compounding the problem, this already larger volume of data is being distributed over an ever-increasing number of storage repositories like Amazon S3 buckets, Azure Blobs, and Google Cloud Storage Containers.
In the past few months, Casmer Labs, Cloud Storage Security’s internal threat laboratory, has observed a number of high-profile incidents in which, whether through human error, a lack of monitoring/observability, or other factors, publicly accessible object storage resources have resulted in catastrophic data breaches.
FTX Japan, which suspended operations in November 2022, is one of the latest organizations to expose its customers’ data through a publicly accessible Amazon S3 bucket. First discovered on May 15, 2025 by Cybernews, the publicly accessible bucket held over 26 million files, including:
- Usernames and real names
- Email addresses
- Residential addresses
- FTX account IDs
- Detailed transaction logs including borrowing/lending history, cryptocurrencies, collateral types, margin rates, and risk flags
While FTX Japan moved to a withdrawal-only policy back in 2022, researchers have discovered customer data within the bucket generated as recently as July 2025. As with many other data breaches resulting from Amazon S3 misconfigurations, this data could be used to supplement cyber actors’ ongoing social engineering efforts (including phishing). The data can help them appear more legitimate, and wallet information can be used to target those with more to lose, so cyber actors can still use this information to their advantage.
If you or anyone you know has signed up with or made any transactions with FTX Japan, Cloud Storage Security recommends that you immediately change your passwords and enable multi-factor authentication for any accounts that could have been compromised or exposed. To prevent a similar incident from affecting your organization, take the following steps:
- Restrict Public Access & Secure Cloud Storage
  - Configure strict access controls to ensure only authorized users or services can access sensitive data
  - Regularly review and update permissions to minimize exposure
- Monitor & Audit Access Logs
  - Continuously track access logs to detect unauthorized activity
  - Conduct retrospective log analysis to identify any suspicious access patterns
- Encrypt Data at Rest & In Transit
  - Enable server-side encryption to protect stored data
  - Use AWS Key Management Service (KMS) or equivalent tools to securely manage encryption keys
- Automate Security Measures
  - Deploy automated security checks to detect misconfigurations and vulnerabilities
  - Use cloud security tools that provide real-time alerts and automated remediation
- Conduct Regular Security Audits
  - Perform frequent security assessments to identify and address weak points
  - Implement penetration testing to simulate potential attacks and strengthen defenses
- Train Employees on Cybersecurity Best Practices
  - Educate teams on data security, phishing risks, and access control policies
  - Establish clear protocols for handling and securing sensitive information
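As an illustration of the first and fourth steps, the following added example (not code from Cloud Storage Security or DataDefender) decides whether a bucket is effectively public by combining its Public Access Block settings, ACL grants, and bucket policy. The function names and sample inputs are constructed for illustration; the inputs follow the shape of the S3 GetPublicAccessBlock, GetBucketAcl, and GetBucketPolicy responses.

```python
import json

# Canned ACL groups that reach beyond the bucket owner's account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def public_exposure(pab, acl_grants, policy_json):
    """Return the reasons a bucket is effectively public (empty list = none found).
    Assumption: a wildcard-principal Allow counts as public only when it has no
    Condition; conditioned statements need manual review and are not flagged."""
    pab = pab or {}  # no Public Access Block configuration: nothing is enforced
    findings = []
    # IgnorePublicAcls neutralises existing public ACLs; BlockPublicAcls only rejects new ones.
    if not pab.get("IgnorePublicAcls", False):
        for grant in acl_grants:
            uri = grant.get("Grantee", {}).get("URI", "")
            if uri in PUBLIC_GROUPS:
                findings.append(f"ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    # RestrictPublicBuckets confines a public policy; BlockPublicPolicy only rejects new ones.
    if policy_json and not pab.get("RestrictPublicBuckets", False):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                    and _is_wildcard_principal(stmt.get("Principal"))):
                actions = ", ".join(_as_list(stmt.get("Action", [])))
                findings.append(f"Policy allows {actions} to any principal")
    return findings

# Constructed sample inputs (not taken from the incident described above).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
SAMPLE_ACL = [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]
PARTIAL = {"BlockPublicAcls": True, "BlockPublicPolicy": True}  # blocks new, keeps old
ALL_ON = dict(PARTIAL, IgnorePublicAcls=True, RestrictPublicBuckets=True)

if __name__ == "__main__":
    for label, pab in [("none", None), ("partial", PARTIAL), ("all on", ALL_ON)]:
        print(label, "->", public_exposure(pab, SAMPLE_ACL, SAMPLE_POLICY) or "not public")
```

The `PARTIAL` case is the one to watch in audits: enabling only the two "Block" settings stops new public ACLs and policies from being applied but leaves existing public grants in force.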
To automatically surface misconfigurations such as publicly accessible Amazon S3 buckets, DataDefender by Cloud Storage Security offers 90+ security checks over 11 AWS services. You can try DataDefender out for free today by joining our beta program here.
About DataDefender and Cloud Storage Security
DataDefender by Cloud Storage Security offers customers complete protection over the entirety of their cloud storage environment. Make sure your organization:
- Knows where its sensitive data resides
- Configures its storage resources in a secure manner
- Prevents the ingestion and distribution of malware, including ransomware
- Identifies and stops internal and external attacks against storage, and the data within
The DataDefender beta program is available now. Sign up today and ensure that your organization’s data is protected according to its sensitivity.