Learn about the critical security implications of misconfigured Amazon S3 buckets in this 41-minute conference talk from the 38th Chaos Communication Congress (38C3). Explore how researchers discovered approximately 100,000 openly accessible S3 buckets containing sensitive information including medical records, personal data, and credit card details. Understand the unique AWS properties exploited to locate these vulnerable storage locations, and discover the methodology used to identify and report concerning data exposures. Examine the challenges faced when attempting to address these security issues, including the difficulties in identifying responsible cloud service users and the limited assistance from cloud providers. Gain insights into successful strategies for getting compromised buckets taken offline, the role of GDPR in motivating action, and when remediation efforts may prove futile.