New 'Bucket Hijacking' Attack Can Silently Reroute Your Cloud Data to Hackers

Unit 42 reveals a critical cloud attack, bucket hijacking, affecting Google, AWS, Azure. Learn prevention tips and protect your data.

By Content Team

Jun 27, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Researchers at Unit 42 have uncovered a serious cloud attack technique called bucket hijacking, confirmed to work across Google Cloud, AWS, and Microsoft Azure. The method exploits a simple but fundamental flaw: cloud storage bucket names are globally unique, meaning whoever owns the name owns the destination.

An attacker with bucket deletion permissions can delete a target's active storage bucket, immediately re-register the same name under their own account, and watch the original data stream — audit logs, telemetry, metrics — flow silently into their environment. No alerts fire. No errors appear. The pipeline just keeps running.

Unit 42 recommends restricting deletion permissions, enforcing data perimeter controls, and monitoring bucket deletion API calls closely.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

PSNI Officers' Names Appear Again on Court Website After 2023 Data Breach

Feb 12, 2026

M&S Cyber Attack Chaos Leaves More Questions Than Answers

Feb 18, 2026

Critical Microsoft Office Flaw Lets Attackers Take Control Without User Interaction

Mar 12, 2026

Kaiser Permanente Settles Privacy Breach for $46 Million - Here's How to Claim Your Share

Feb 4, 2026