Abstract
As cloud adoption accelerates, the operational risks associated with misconfigured storage services like AWS S3, Google Cloud Storage, and Azure Blob Storage continue to grow. One critical but often overlooked threat is the leakage of sensitive secrets -- such as API keys, database credentials, and access tokens -- through publicly exposed configuration files.
In this talk, we present findings from a large-scale scan of publicly accessible cloud buckets, where we identified 215 real-world cases of exposed secrets. These leaks granted unauthorized access to critical infrastructure, third-party APIs, and internal services, illustrating how simple misconfigurations can lead to severe operational and reputational damage.
Within this presentation, we will walk through the types of files and secrets most commonly exposed, demonstrate how they were detected non-intrusively, and share insights into the incident response patterns across different organizations. Importantly, we will discuss our coordinated disclosure efforts, which led to the remediation of 95 cases, and highlight the challenges in driving action even after vulnerabilities are reported.
This session will equip operators, security teams, and cloud engineers with practical recommendations to audit their own storage environments, avoid common pitfalls, and build more resilient disclosure and remediation workflows.
Recording
Video will be added soon.
Speaker

Yury Zhauniarovich
Dr. Yury Zhauniarovich is an Assistant Professor in Cybersecurity at the Technology, Policy and Management (TPM) faculty at TU Delft. Previously, he worked both in industry and academia. He is interested in network measurements, mobile security, and security data analytics.