Let’s imagine that you store usernames and passwords in cleartext in an S3 bucket. Let’s assume that access to the entire bucket is configured properly, so an “Access Denied” error is returned, as shown below.
However, with a certain request to Google, we see that the files in the S3 bucket were indexed.
After opening the file, we get a lot of account hijacking… (of course, don’t forget about bypassing geolocation/trusted-device protections, etc.)
Don’t store sensitive information in cleartext, especially the username & password combination :)
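The situation above (listing the bucket is denied, yet individual files can still be fetched and indexed) can be checked for on the defender's side. The following is an added example, not code from the original post: it assumes the objects were exposed through a bucket policy, uses a constructed policy with placeholder bucket and account names, and is a simplified audit that ignores `Deny` statements, object ACLs and Block Public Access settings.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy (not from the original post): anonymous listing is
# not granted, so the bucket root is denied, but every object is world-readable.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AdminList", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-bucket"}
  ]
}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return False

def anonymous_grants(policy, action):
    """Return Sids of unconditioned Allow statements granting `action` to anyone."""
    hits = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # statements with a Condition need manual review
        if not is_anonymous(stmt.get("Principal")):
            continue
        patterns = as_list(stmt.get("Action", []))  # may hold wildcards like s3:*
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits

def listing_denied_but_objects_public(policy):
    return (not anonymous_grants(policy, "s3:ListBucket")
            and bool(anonymous_grants(policy, "s3:GetObject")))

if __name__ == "__main__":
    print("hidden exposure:", listing_denied_but_objects_public(SAMPLE_POLICY))
```

A `True` result means the “Access Denied” on the bucket root says nothing about the objects themselves: any file whose URL leaks can still be read and indexed.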