Researchers at Palo Alto Networks Unit 42 have documented a bucket hijacking technique that exploits a fundamental architectural property shared across Amazon Web Services, Google Cloud, and Microsoft Azure: the global uniqueness of storage bucket names. The finding, published June 22, 2026, outlines how an attacker with sufficient permissions inside a victim’s cloud environment could silently redirect continuous data streams to an externally controlled bucket.

How the Attack Works

Cloud providers such as AWS and Google Cloud enforce globally unique bucket names, meaning no two accounts can hold a bucket with the same name simultaneously. This design simplifies data stream configuration but creates what Unit 42 calls a global namespace risk: a bucket’s identity is anchored to its name alone, not to an immutable account identifier.

Many cloud architectures use automated data streams to continuously push telemetry, audit logs, and objects to designated storage destinations. Examples include Google Cloud logging sinks that route entries to a Cloud Storage bucket, and AWS S3 bucket replication. Once a stream is configured, it operates autonomously in the background.

The attack proceeds as follows:

  • An attacker compromises a cloud environment and obtains permissions sufficient to delete the target bucket.
  • The attacker deletes the original destination bucket, either by emptying it first and then deleting it, or by using permissions that allow deletion directly.
  • The attacker immediately recreates a bucket with the identical name inside their own cloud account.
  • The existing data stream, still referencing the original bucket name, begins delivering logs and data to the attacker-controlled bucket.

Unit 42 demonstrated the technique against Google Cloud Logging, walking through deletion of a sink’s target bucket and reconstruction of it under an external project. The required permissions in that scenario included the ability to empty and delete the bucket, without requiring any direct modification of the logging sink configuration itself. This is significant because it bypasses the intuitive access controls security teams typically monitor.

Scope and Vendor Notification

The researchers note the vulnerability class likely extends beyond the three providers specifically examined, given that global namespace design is common across the cloud industry. Unit 42 has disclosed its findings to Google Cloud, AWS, and Microsoft Azure.

Critically, the researchers state they have not observed this technique used by any real-world threat actor. However, they flag that detection would be particularly difficult once a stream has been rerouted, because the originating environment continues to function normally while data silently flows to an external destination.

Recommended Actions

Unit 42 urges organizations to act proactively, particularly around permissions hygiene. Security teams should audit who holds bucket deletion rights across their cloud environments, and review whether existing data stream destinations remain under organizational control. Monitoring for unexpected bucket deletions and recreation events is also advisable, especially where logging sinks or replication rules are in use.
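The three recommendations above reduce to checks that can be run over data a security team already has: a bucket inventory, the destinations of its logging sinks and replication rules, and bucket-level audit events. The following Python is an added example written for this page, not code from Unit 42 or from any cloud provider. It works offline on constructed sample data: the audit event records are a simplified shape (only timestamp, method name, bucket and principal), though the method names are the real ones emitted by Google Cloud Storage audit logs (`storage.buckets.delete`, `storage.buckets.create`) and AWS CloudTrail (`DeleteBucket`, `CreateBucket`). All bucket names, sink names and principals are invented placeholders.

```python
"""Defensive checks for the bucket-name reuse pattern described above.

Added example (not from the Unit 42 report). Runs on constructed data:
  1. reconcile stream destinations against the org's own bucket inventory
  2. alert on any deletion of a bucket that a stream still uses as destination
  3. flag delete-then-create of the same bucket name within our own logs
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuditEvent:
    timestamp: datetime
    method: str      # GCS audit log: storage.buckets.delete / storage.buckets.create
                     # CloudTrail:    DeleteBucket / CreateBucket
    bucket: str
    principal: str   # identity that performed the call


DELETE_METHODS = frozenset({"storage.buckets.delete", "DeleteBucket"})
CREATE_METHODS = frozenset({"storage.buckets.create", "CreateBucket"})


def orphaned_destinations(stream_destinations, owned_buckets):
    """Stream destinations whose bucket name is not in our own inventory.

    A destination missing from the inventory was either deleted (the stream
    now fails, or delivers to whoever re-registered the name) or never ours.
    """
    return sorted(set(stream_destinations) - set(owned_buckets))


def destination_deletions(events, stream_destinations):
    """Every delete of a bucket that some stream still references.

    This is the primary signal: a recreation under a foreign account leaves
    no create event in our own audit logs, so the delete itself must alert.
    """
    dests = set(stream_destinations)
    return [e for e in sorted(events, key=lambda e: e.timestamp)
            if e.method in DELETE_METHODS and e.bucket in dests]


def delete_then_create(events, window=timedelta(hours=24)):
    """Delete followed by a create of the same name within `window`.

    Only sees reuse inside the tenants feeding this log stream; returns
    (bucket, deleting_principal, creating_principal) tuples.
    """
    last_delete = {}
    hits = []
    for e in sorted(events, key=lambda e: e.timestamp):
        if e.method in DELETE_METHODS:
            last_delete[e.bucket] = e
        elif e.method in CREATE_METHODS and e.bucket in last_delete:
            d = last_delete.pop(e.bucket)
            if e.timestamp - d.timestamp <= window:
                hits.append((e.bucket, d.principal, e.principal))
    return hits


# --- constructed sample data (placeholder names, not from the report) ---
OWNED_BUCKETS = ["acme-audit-logs", "acme-app-assets", "acme-backups"]
STREAM_DESTINATIONS = {            # sink / replication rule -> destination bucket
    "org-audit-sink": "acme-audit-logs",
    "asset-replication": "acme-app-assets",
    "legacy-telemetry-sink": "acme-telemetry-2019",   # no longer in inventory
}
T0 = datetime(2026, 6, 22, 9, 0, 0)
SAMPLE_EVENTS = [
    AuditEvent(T0, "storage.buckets.create", "acme-scratch", "dev@acme.example"),
    AuditEvent(T0 + timedelta(minutes=5), "storage.buckets.delete",
               "acme-audit-logs", "ci-sa@acme.example"),
    AuditEvent(T0 + timedelta(minutes=7), "storage.buckets.create",
               "acme-audit-logs", "ci-sa@acme.example"),
    AuditEvent(T0 + timedelta(hours=2), "DeleteBucket", "acme-scratch",
               "dev@acme.example"),
]


def run_checks(owned=OWNED_BUCKETS, streams=STREAM_DESTINATIONS, events=SAMPLE_EVENTS):
    """Run all three checks and return their findings keyed by check name."""
    dests = list(streams.values())
    return {
        "orphaned": orphaned_destinations(dests, owned),
        "destination_deletes": [(e.bucket, e.principal)
                                for e in destination_deletions(events, dests)],
        "reused_names": delete_then_create(events),
    }


if __name__ == "__main__":
    for name, findings in run_checks().items():
        print(f"{name}: {findings}")
```

On the sample data the inventory check surfaces the stale `legacy-telemetry-sink` destination, the deletion check fires on `acme-audit-logs` because it is still the target of `org-audit-sink`, and the name-reuse check catches the in-tenant recreation two minutes later. The deletion check matters most: if the name is re-registered in another account, the create never appears in the victim's logs, so the delete of a known destination has to be treated as the alert, and the inventory reconciliation should run on a schedule to catch the case where the delete was missed.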

The researchers note that certain IAM permissions outside the traditional data stream update controls can be leveraged to effect this rerouting, making conventional permission boundary reviews an insufficient defense on their own.