Exposed PII in Public RDS Snapshots - Risks and Remediation

Explore the critical issue of data leakage through public Amazon RDS snapshots in this 34-minute conference talk from BSidesLV. Delve into the risks associated with accidentally exposing sensitive information, including Personally Identifiable Information (PII), when using the Amazon Relational Database Service. Learn about the research process conducted by Mitiga, uncovering hundreds of exposed databases monthly. Gain valuable insights into RDS snapshot configurations, limitations, and real-life examples of data exposure risks. Discover effective strategies for preventing, detecting, and remediating accidental public sharing of RDS snapshots. Understand the automated monitoring process developed to identify and remove public snapshots, ensuring data security. Presented by Ariel Szarf and Doron Karmi, this talk provides essential knowledge for database administrators, security professionals, and anyone working with cloud-based database services.

BG - Oops, I Leaked It Again - How we found PII in exposed RDS Snapshots