Obviously, this is a double head-desk fail, that absolutely nobody should ever do. You'd think the first thing any organisation that moved its sensitive data off in-house IT systems to the cloud would check is if it's secure there, but that didn't happen even after some well-published information leaks.
The list of companies that should know better than to not secure their sensitive data is long.
Management consultants Accenture is one name, along with media giant Viacom, United States telco Verizon, and financial news company Dow Jones.
Across the Tasman, the Australian Broadcasting Corporation dumped data for its commercial division - that sells, buys and licenses programmes and more - on the AWS S3 cloud, and left it wide open for anyone to access.
Pentagon's Central and Pacific military commands did the same recently, leading to speculation if the 1.8 billion Facebook and other social media posts, and comments on news sites stored on S3 were part of US internet surveillance.
AWS has tried to educate its customers that leaving data exposed to the internet without access controls is bad, first in July and then recently, when the cloud provider added further security features to make sure admins really notice when their info is at risk.
That AWS had to do so after the unthinkable happened does make you wonder how well its customers understand the whole cloud computing concept not to mention basic the tenets of IT security.
There's also the question if organisations know what they're storing on their systems, the data that is then stuffed into the cloud. Cloud storage is cheap, convenient and infinitely scalable, but does everything have to go there, especially sensitive things and forgotten data that's probably best deleted?
If your organisation uses the cloud, check this is done properly and securely - if not, you could make the news as the next big information leaker, or have the data traded and abused by criminals.