UpGuard

Some data leaks occur through misconfigured storage buckets that allow anonymous access to some or all files. These buckets may be created by employees within your organization, by shadow IT or former employees who have retained business information, or by vendors and other third parties who have data originating from your organization. 

Determine if the bucket belongs to someone associated with your organization. 

UpGuard Data Leaks analysts will provide case notes through the Data Leaks module describing what they have been able to learn about the identity of the owner. This information may be useful for identifying possible owners but not sufficient to identify exactly one owner. In this case, you should consult with personnel inside your organization who manage cloud storage to determine if the bucket is under your organization's control and to identify other possible owners (like former employees). 

If the bucket is under your control, you can log into your cloud console and change the configurations to make it private. 

If the bucket is under the control of a person you are able to identify, contacting them directly is the fastest and most effective way to secure the bucket. 

If the bucket appears to belong to a vendor, contacting the vendor is the fastest and best way to begin the remediation process. If you have a vendor management team at your organization, working with them is the best way to identify the appropriate point of contact. 

- If the bucket is under your control, you can log into your cloud console and change the configurations to make it private. 
- If the bucket is under the control of a person you are able to identify, contacting them directly is the fastest and most effective way to secure the bucket. 
- If the bucket appears to belong to a vendor, contacting the vendor is the fastest and best way to begin the remediation process. If you have a vendor management team at your organization, working with them is the best way to identify the appropriate point of contact. 

Contacting cloud providers to report abuse

If you are unable to identify a likely owner based on the available information, you can contact the cloud provider directly. This process is harder and takes longer than asking someone nicely, so exhausting the first option is recommended. 

<a href="https://support.aws.amazon.com/#/contacts/report-abuse" rel="nofollow noopener noreferrer" target="_blank">https://support.aws.amazon.com/#/contacts/report-abuse</a>

<a href="https://support.google.com/code/contact/cloud_platform_report?hl=en" rel="nofollow noopener noreferrer" target="_blank">https://support.google.com/code/contact/cloud_platform_report?hl=en</a>

<a href="https://msrc.microsoft.com/report/abuse" rel="nofollow noopener noreferrer" target="_blank">https://msrc.microsoft.com/report/abuse</a>

<a href="https://www.digitalocean.com/company/contact#abuse" rel="nofollow noopener noreferrer" target="_blank">https://www.digitalocean.com/company/contact#abuse</a>

Learn how to contact cloud providers like AWS, Google Cloud, and Microsoft Azure when data leaks occur in cloud storage buckets.

Determine if the bucket belongs to someone associated with your organization.

Contacting cloud providers to report abuse

Amazon

Google Cloud

Microsoft

Digital Ocean