UPDATE 11/18/19: Added some additional notes to include mention of AWS Config, Zelkova, and some info about tools by Rhino Security Labs like Pacu ...
For further actions, you may consider blocking this person and/or reporting abuse
Security Hub is just an aggerate of compliance information from multiple AWS Security or Logging Services so it's not going to help in this case.
What's going to help here is turning on AWS Config and using the off-the-shelf AWS Config rule provided by AWS which will tell you if you have public read and write
AWS Internal Service Zelkova is worth giving a read since it can reason whether your have a public bucket.
Turning on Amazon Macie is a great idea that uses ML to monitor S3.
Pacu is something you'll also want to run against your account to see what you can discover in terms of vulnerabilities around S3.
Wow, awesome recommendations. I have looked at Pacu, heard of Macie, but never knew about Zelkova! Definitely going to take a look.
I'll make the correction about Security Hub. I seem to have misunderstood it to be something more like a suite that included AWS Config, when it's really a viewer of aggregated findings from other services.
EDIT / UPDATE: I didn't know that Zelkova worked as part of the underlying tech for the PUBLIC / not public display labels that eventually appeared within the AWS console in viewing S3, and relevant AWS Config rules. Thanks for the links!
Just to clarify when you turn on Security Hub is creates a handful of AWS Config rules for you based on the CIS baseline recommendation. So it does automate the creation of some AWS Config rules for you though just distinguishing that those compliance checks are from AWS Config and not Security Hub.
Ah! Okay, that makes more sense