New research published on Monday reveals that 5.8% of all Amazon S3 buckets are publicly readable, while 2% are publicly writeable —with the latter allowing anyone to add, edit, or delete data, and even hold a victim's data for ransom.

This new research, carried out by French cyber-security company HTTPCS, comes to update a previous survey of Amazon S3 buckets from September 2017.

That survey, carried out by cloud security experts from Skyhigh Networks (now part of McAfee), found that 7% of all Amazon S3 storage buckets were publicly readable.

At the time, experts believed that the high number of publicly readable buckets was the main reason behind a spike in data breach reports.

The new HTTPCS survey scanned over 100,000 S3 buckets, but also looked for buckets to which anyone could add data. This new scan was most likely carried out after a Bleeping Computer report from last week warned that such buckets could be abused for data ransom attacks.

"20% of public Buckets (i.e. 2% of the total) aren't write-protected, what might lead to data corruption attacks, malware spreading, and even to ransomware attacks, as we could see in 2017 on poorly configured MongoDB databases," HTTPCS experts discovered, adding that "only 5% of the Buckets which aren't write-protected (i.e. 0.1% of the total) don’t contain any file, therefore the possibilities of large-scale attacks are quite real."

The new survey's results were compiled in an infographic, to be easier to digest.