During the past year, there has been a surge in data breach reporting regarding Amazon S3 servers left accessible online. This means that anyone with a link to the S3 server could access, view, or download its content. Attackers can obtain these URLs using MitM attacks on corporate networks, accidental employee leaks, or by brute-forcing domains for hidden URLs. 7% of all S3 buckets have unrestricted public access, and 35% are unencrypted, according to statistics by security firm Skyhigh Networks.
Source: https://www.bleepingcomputer.com/news/security/7-percent-of-all-amazon-s3-servers-are-exposed-explaining-recent-surge-of-data-leaks/