For a decade, I have been working with AWS and third-party security teams to resolve bucketsquatting / bucketsniping issues in AWS S3. Finally, I am happy to say AWS now has a solution to the problem, and it changes the way you should name your buckets.
What is Bucketsquatting?
Bucketsquatting (sometimes called bucketsniping) is an issue I first wrote about in 2019, and it has been a recurring issue in AWS S3 ever since. If you’re interested in the specifics of the problem, I recommend you check out my original post on the topic: S3 Bucket Namesquatting - Abusing predictable S3 bucket names. In short, the problem is that S3 bucket names are globally unique, and when the owner of a bucket deletes it, that name becomes available for anyone else to register. An attacker who registers a bucket under a previously deleted name inherits every stale reference to it: deployment templates, log delivery targets and application config that still point at that name will now read from or write to the attacker’s bucket, which can expose sensitive data or disrupt the services that depend on it.
Additionally, it is common practice for organizations to use predictable naming conventions for their buckets, such as appending the AWS region name to the end of the bucket name (e.g. `myapp-us-east-1`), which makes it easy for attackers to guess, and pre-register, names that have been used before or are likely to be used in the future. This latter practice is one that AWS’ internal teams commonly fall victim to, and it is one that I have been working with the AWS Security Outreach team to address for almost a decade now across dozens of individual communications.
A new namespace
To address this issue, AWS has introduced a new protection that works effectively as a “namespace” for S3 buckets. The namespace syntax is as follows:
<yourprefix>-<accountid>-<region>-an
For example, if your account ID is `123456789012`, your prefix is `myapp`, and you want to create a bucket in the `us-west-2` region, you would name your bucket as follows:
myapp-123456789012-us-west-2-an
Though AWS does not spell it out, the `-an` suffix presumably stands for “account namespace”. With this syntax only the account whose ID appears in the name can create buckets in that namespace, which removes the squatting window entirely: if another account tries to create a bucket whose name carries your account ID in the namespace position, the request is rejected with an `InvalidBucketNamespace` error, whether or not you currently have a bucket of that name. The region is enforced too: the account owner also receives an `InvalidBucketNamespace` error when the region the bucket is being created in does not match the region in the name. Note that the protection only applies to names in this form. Existing buckets with legacy names stay exactly as squattable as before once deleted, so the practical change is to adopt the namespaced form for new buckets and migrate the references to old names as you retire them.
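To make the naming rule concrete, here is a small helper I have added to this post (it is not AWS code and not part of any AWS SDK) that builds a namespaced bucket name, checks that it still fits S3’s 63-character limit, and audits a list of referenced bucket names for ones that are still in the old, guessable style. It assumes account IDs are exactly 12 digits and that region codes look like `us-west-2`, `ap-southeast-1` or `us-gov-west-1`; the regular expressions, the function names and the sample bucket inventory are all my own constructions.

```python
import re

# Assumptions (not from the post): account IDs are exactly 12 digits and region codes
# look like us-west-2 / ap-southeast-1 / us-gov-west-1. Bucket names must be 3-63
# characters of lowercase letters, digits, dots and hyphens (the basic S3 rule; the
# finer rules such as no ".." or IP-address-shaped names are not checked here).
ACCOUNT_ID_RE = r"\d{12}"
REGION_RE = r"[a-z]{2}(?:-[a-z]+)+-\d"
NAME_CHARS_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
NAMESPACE_RE = re.compile(
    rf"^(?P<prefix>[a-z0-9][a-z0-9.-]*?)-(?P<account_id>{ACCOUNT_ID_RE})-(?P<region>{REGION_RE})-an$"
)
LEGACY_REGION_SUFFIX_RE = re.compile(rf"-{REGION_RE}$")
MAX_BUCKET_NAME_LEN = 63


def namespace_suffix(account_id: str, region: str) -> str:
    """Return the '-<accountid>-<region>-an' suffix after validating its parts."""
    if not re.fullmatch(ACCOUNT_ID_RE, account_id):
        raise ValueError(f"account id must be 12 digits: {account_id!r}")
    if not re.fullmatch(REGION_RE, region):
        raise ValueError(f"unrecognised region code: {region!r}")
    return f"-{account_id}-{region}-an"


def max_prefix_length(account_id: str, region: str) -> int:
    """Longest prefix that still fits in a 63-character bucket name for this region."""
    return MAX_BUCKET_NAME_LEN - len(namespace_suffix(account_id, region))


def namespaced_bucket_name(prefix: str, account_id: str, region: str) -> str:
    """Build <prefix>-<accountid>-<region>-an and check the result is a legal bucket name."""
    name = prefix + namespace_suffix(account_id, region)
    if len(name) > MAX_BUCKET_NAME_LEN:
        raise ValueError(
            f"prefix too long: at most {max_prefix_length(account_id, region)} chars for {region}"
        )
    if not NAME_CHARS_RE.match(name):
        raise ValueError(f"not a valid S3 bucket name: {name!r}")
    return name


def parse_namespaced_name(name: str):
    """Split a namespaced name into its parts, or return None if it is not in namespace form."""
    m = NAMESPACE_RE.match(name)
    return m.groupdict() if m else None


def audit_bucket_names(names, own_account_id: str):
    """Classify bucket names an account references (inventory, IaC, app config).

    namespaced-own       : namespace form bound to this account; cannot be squatted
    namespaced-foreign   : namespace form bound to another account (check the reference)
    legacy-region-suffix : old-style '<name>-<region>' pattern the post warns about
    legacy               : any other name; guessable and reclaimable once deleted
    """
    report = {}
    for name in names:
        parts = parse_namespaced_name(name)
        if parts is not None:
            report[name] = (
                "namespaced-own" if parts["account_id"] == own_account_id else "namespaced-foreign"
            )
        elif LEGACY_REGION_SUFFIX_RE.search(name):
            report[name] = "legacy-region-suffix"
        else:
            report[name] = "legacy"
    return report


# Constructed sample inventory for the demo; these are not real bucket names.
SAMPLE_NAMES = [
    "myapp-123456789012-us-west-2-an",
    "myapp-us-east-1",
    "myapp-logs",
    "partner-feed-210987654321-eu-central-1-an",
]

if __name__ == "__main__":
    print(namespaced_bucket_name("myapp", "123456789012", "us-west-2"))
    for name, verdict in audit_bucket_names(SAMPLE_NAMES, "123456789012").items():
        print(f"{verdict:22} {name}")
```

The name returned by `namespaced_bucket_name` is what you pass to `aws s3api create-bucket --bucket ...` in the matching region; if the region flag disagrees with the region baked into the name, the call fails with the `InvalidBucketNamespace` error described above. Running the audit over the bucket names in your Terraform or CloudFormation sources is a quick way to find the legacy, region-suffixed names that still need migrating.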