Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records

Found on The Register on Friday, 03 August 2018

iCliniq locked down the online silo earlier this week only after the slip-up was brought to its attention by German security researcher Matthias Gliwka. He approached El Reg after failing to get any response to notification emails he sent to the firm.

iCliniq stored these private medical documents in a misconfigured, wide-open AWS S3 bucket that anyone could potentially have pored over.

He said iCliniq had failed to check for permissions in its web app so every user was able to see every question asked by other members – simply by guessing the ID number of the question.
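The missing permission check described above, shown beside a corrected lookup. This is an added example, not iCliniq's code or part of the original article; the record fields, the "assigned doctor" role, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Question:
    qid: int
    owner_id: int
    assigned_doctor_id: Optional[int]  # hypothetical second reader role
    text: str

# Constructed sample records; sequential IDs are what make guessing easy.
QUESTIONS = {
    1001: Question(1001, 7, 50, "constructed sample A"),
    1002: Question(1002, 8, None, "constructed sample B"),
}

class NotFound(Exception):
    """Raised for missing and for forbidden records alike, so a response
    never confirms which IDs exist."""

def get_question_unchecked(user_id: Optional[int], qid: int) -> Question:
    # The flaw: the ID alone selects the record; the caller is never consulted.
    q = QUESTIONS.get(qid)
    if q is None:
        raise NotFound(qid)
    return q

def get_question(user_id: Optional[int], qid: int) -> Question:
    # Object-level authorization: only the owner or the assigned doctor may read.
    q = QUESTIONS.get(qid)
    if q is None or user_id is None:
        raise NotFound(qid)
    allowed = {q.owner_id}
    if q.assigned_doctor_id is not None:  # never let None match an anonymous caller
        allowed.add(q.assigned_doctor_id)
    if user_id not in allowed:
        raise NotFound(qid)
    return q

def visible_ids(fetch: Callable, user_id: Optional[int]) -> list:
    """Regression check: which question IDs can this user read via fetch?"""
    out = []
    for qid in sorted(QUESTIONS):
        try:
            fetch(user_id, qid)
            out.append(qid)
        except NotFound:
            pass
    return out
```

Running `visible_ids` for every role in an automated test catches a handler that regresses to the unchecked behaviour.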

Yet "The cloud!" is still a common argument in marketing and amongst clueless bosses and developers where nobody realizes (or admits) how insecure it is usually.