131 Google Cloud buckets were found to be vulnerable to unauthorized access by users who could list, download and/or upload files. Among the exposed data that the firm uncovered were 6,000 scanned documents that included passports, birth certificates and personal profiles from children in India. An attacker could download all files in the bucket using the gsutils command-line tool, an official tool from Google for managing buckets, researcher Paul Bischoff warned. Bucket names must be between three and 63 characters, and names must start and end with a number or letter. Amazon s S3 buckets are the most popular means for apps, websites and online services to store data in the cloud.
Source: https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/