Australian News Sharing Platform Snewpit Exposes 80,000 User Records

Australian News Sharing Platform Snewpit Exposes 80,000 User Records

To increase efforts to secure user data, Snewpit will be reviewing “all server logs and access control settings” to confirm that no unauthorized access took place and to ensure that “user data is secure and encrypted.”


The CyberNews investigations team discovered an exposed data bucket that belongs to Snewpit, an Australian news sharing platform. The unsecured bucket contains close to 80,000 user records, including usernames, full names, email addresses, and profile pictures.


The files that contain the records were stored on a publicly accessible Amazon Web Services (AWS) server, which means that anyone with a direct URL to the files could access and download the data that was left out in the open.


On September 24, the sensitive files in the Snewpit bucket were secured by the company and are no longer accessible.


To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.


What data is in the bucket?


The exposed Snewpit Amazon AWS bucket contained 26,203 files, including:


256 video files filmed and uploaded by Snewpit users and developers
23,586 image files of photos documenting local events that were apparently uploaded by the users
4 CSV files, one of which contained 79,725 user records, including full names, email addresses, usernames, user descriptions, last login times, and total time spent in the Snewpit app, among other metrics

Aside from the user records, the bucket also contained thousands of user profile pictures.


Examples of exposed records


Here are some examples of the user records, videos, and images left on the exposed Snewpit bucket.


The CSV file contains user records for what we assume to be users who download ..

Support the originator by clicking the read the rest link below.