Trending

ee-track">
Link copied!

Cyble Detects 200 Billion Files Exposed in Cloud Buckets 

Cyble’s ODIN vulnerability search tool has detected more than 200 billion exposed files in cloud buckets across seven major cloud providers.  The 200 billion exposed files reflect the sheer scale of accidental data exposure on…

May 16, 2025 · 3 min read
Cyble Detects 200 Billion Files Exposed in Cloud Buckets 

Cyble’s ODIN vulnerability search tool has detected more than 200 billion exposed files in cloud buckets across seven major cloud providers. 

The 200 billion exposed files reflect the sheer scale of accidental data exposure on the internet, data that’s often left publicly accessible due to misconfigurations. The files include data ranging from documents and credentials to source code and internal backups. 

The ODIN platform scans cloud buckets at scale and classifies exposed content using machine learning-based detection. ODIN has also detected more than 660,000 exposed buckets, in addition to more than 91 million exposed hosts

Cyble monitors and classifies these datasets to help organizations reduce their attack surface

Exposed Credentials, Source Code and Confidential Files 

Filtering the ODIN data for just three sensitive data types yielded millions of credentials, source code and confidential files (images below; URLs and identifying information redacted). 

Filtering for “source code” and the Go language, for example, yielded 5.6 million results (image below). 

Cloud Buckets

Filtering for env credentials returned 110,000 results: 

Cloud Buckets returned 110,000 results

And a search for confidential files returned more than 1.6 million results: 

Cloud Buckets 1.6 million results:

Those are just three of the several sensitive data types detected by ODIN’s machine learning-based scanning. 

Cloud Storage Bucket Access and Configuration 

Exposed cloud storage buckets have only grown in number since Cyble reported more than 500,000 exposed buckets in August 2024. 

Managing access to cloud storage buckets can be challenging even for the largest organizations, and misconfigured cloud buckets are all too common. While cloud storage is typically private by default, it can quickly get complicated when you start sharing objects or resources. 

Google, for example, recommends taking a Uniform approach, which allows you to use Identity and Access Management (IAM) alone to manage permissions. The Fine-grained approach of combining IAM and Access Control Lists (ACLs) would allow you to specify access on a per-object basis, but because of the need to coordinate between the two different access control systems, there is a bigger risk of unintentional data exposure, and auditing also becomes more complicated. One way to balance access and risk is to use managed folders, which allow fine-grained access to specific groups of objects with a bucket. 

Amazon S3 resources are private by default. S3 offers several access management tools, the most common of which is an access policy, which can be set based on resources such as a bucket, or identity through an IAM identity. 

Microsoft recommends using Microsoft Entra ID and managed identities to authorize access to Azure Storage. 

Detecting Exposed Cloud Storage Files and Buckets 

Without a service like Cyble’s Cloud Security Posture Management (CSPM) platform, it can be difficult to detect misconfigurations and exposed cloud storage buckets. While usage logs are one possible option, routine audits of bucket access permissions are a critically important practice. 

Data loss prevention (DLP) tools can help you identify where you have sensitive data stored that needs to be protected, and other important cloud storage security practices include object encryption and retention and lifecycle management. 

Cyble’s ODIN service can help organizations detect exposed cloud storage buckets and files, and dark web monitoring tools such as those from Cyble can give organizations an early warning when data and credential leaks do occur so they can respond faster and take action to secure accounts and data. 

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams