Microsoft and Amazon are giants in the cloud storage business. With Microsoft’s Azure platform, and Amazon’s AWS, they dominate the cloud file storage market. Both of these companies take security and privacy seriously, ensuring customers that the data they upload to cloud is safe. This is why it was such a shock to find that they both allow Google to index the files in the blob storage.
Although this was discovered by a security researcher in 2011, it has recently garnered the attention of security professionals on twitter. Mikko Hypponen of F-Secure pointed his followers to try out the “bug” by searching for content on Azure Blob Store with the words “Confidential” in it:
Microsoft doesn’t seem to block Google Search from indexing files in the Azure Blob storage.
— Mikko Hypponen (@mikko) May 30, 2017
That search query
site:core.windows.net "confidential" yields some very interesting results:
To search for content in Amazon’s AWS storage, use the query:
You can also search for specific types of files, for example:
site:http://s3.amazonaws.com filetype:xls password
site:http://s3.amazonaws.com filetype:xls secret
site:http://s3.amazonaws.com "TOP SECRET"