A recent cybersecurity investigation has revealed that abandoned cloud storage resources, including those previously used by military, government, and cybersecurity organizations, remain vulnerable to takeover by malicious actors. The watchTowr cybersecurity firm published an in-depth report exposing how improperly discarded Amazon Web Services (AWS) S3 buckets are still actively receiving requests from major institutions, highlighting a widespread security oversight with global implications.
The Scale of the Security Threat
The study, which analyzed 150 AWS S3 buckets once used by corporate, open-source, government, and critical infrastructure sectors, revealed that these abandoned storage units continued to receive over 8 million HTTP requests in just two months. These requests sought software updates, templates, configurations, and other critical data—all of which could have been compromised if controlled by a malicious party.
According to watchTowr CEO Benjamin Harris, this issue is akin to receiving mail at a newly purchased home that still belongs to previous owners—except in this case, the “letters” come from military, government, and corporate sources, making the risk substantial and deeply concerning.
Potential Attack Vectors: How Hackers Could Exploit Abandoned Storage
The researchers demonstrated several ways in which abandoned S3 buckets could be exploited:
- Malicious software updates: Attackers could insert malware into update mechanisms, compromising government and corporate systems.
- Unauthorized AWS access: A hijacked CloudFormation template could grant full control over AWS environments.
- Backdoored virtual machines: Attackers could distribute compromised virtual machine images with built-in remote access tools.
- Ransomware and data exfiltration: Abandoned buckets could be used to deploy ransomware or steal sensitive corporate or government data.
Major Organizations Affected
The study found that abandoned S3 buckets were still receiving requests from high-profile entities, including:
- Government organizations from the United States, United Kingdom, Poland, Australia, South Korea, Turkey, Taiwan, and Chile.
- Fortune 500 companies across various industries.
- Major payment card companies and banks.
- Universities, software firms, and casinos.
- Even cybersecurity firms, including a major antivirus provider and a VPN appliance vendor.
Particularly alarming was the discovery that some abandoned buckets were still connected to .mil websites—a domain operated by the U.S. Department of Defense. This raised concerns about potential military intelligence exposure.
AWS and Industry Response
AWS responded to the report by stating that their infrastructure functioned as designed, blaming the issue on customers who deleted S3 buckets still referenced by third-party applications. However, after receiving watchTowr’s findings, AWS blocked the re-creation of the compromised buckets, effectively neutralizing some risks.
Proposed Solutions to Address Cloud Infrastructure Abandonment
WatchTowr’s primary recommendation is for AWS and other cloud providers to prevent the re-registration of previously deleted S3 bucket names—a simple measure that would eliminate a vast category of abandoned infrastructure exploits.
Harris acknowledged that AWS may have usability concerns regarding bucket transfers and re-registrations, but he emphasized that security risks outweigh convenience in this case.
The Bigger Issue: A Culture of Disposable Cloud Infrastructure
The cybersecurity report emphasized that this problem stems from a larger industry-wide mindset—one where cloud resources are seen as easily disposable.
- Domain names, IP addresses, and cloud storage are acquired cheaply and abandoned without consideration of long-term security risks.
- Once a cloud resource (like an S3 bucket) is referenced in software updates, corporate documentation, or IT systems, that reference can persist indefinitely, making abandoned infrastructure a serious threat.
Key Takeaways & Warnings
- Abandoned cloud storage resources remain active security risks—even years after deletion.
- Malicious actors could hijack abandoned AWS S3 buckets to push malware, ransomware, or unauthorized updates to high-profile institutions.
- Critical organizations—including government agencies, Fortune 500 companies, and cybersecurity firms—are affected by this issue.
- AWS should block the re-registration of previously deleted bucket names to prevent future takeovers.
- Organizations must track and properly retire their cloud infrastructure to avoid unintentional exposure.
This research highlights an urgent need for better cloud infrastructure hygiene, particularly among government agencies and large enterprises.
Restore Democracy: End Lobbying and Return Power to the People! Sign Petition Here!
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
Disposable. That seems to be the word our culture is using more and more. And acting on it too. It’s not good stewardship of the resources we’ve been given and like you note time and again, it leaves massive holes for security breaches.
Thank you very much for your comment! Well said. The disposable mindset has crept into everything, and it’s creating more problems than people realize. Poor stewardship of resources isn’t just wasteful—it’s a direct gateway to security vulnerabilities. When everything is treated as replaceable, accountability goes out the window, and that’s when breaches happen.