Data Deposit Box Exposes PII of 270K Users

Mar 26, 2020 06:00 pm Cyber Security 264

Data Deposit Box Exposes PII of 270K Users

A company that provides secure cloud storage services has exposed over a quarter of a million private files uploaded by its customers. 





Data Deposit Box left a database containing over 270,000 customer files on an unsecured Amazon S3 bucket. As a result of the breach, data including personally identifiable information (PII) belonging to Data Deposit Box customers was exposed. 





The open bucket was discovered on Christmas Day, 2019, by a Vpnmentor research team led by cybersecurity analysts Noam Rotem and Ran Locar. 





Inside the unsecured cloud storage device, researchers discovered a database packed with thousands of files dating from 2016 to December 25, 2019. Researchers were able to view private user data, including admin usernames and unencrypted passwords in plain text. 





Researchers were also able to access IP addresses, email addresses, and GUIDs (globally unique identifiers for resources).





In a report on the breach published March 25, Vpnmentor researchers wrote: "In this case, we identified Data Deposit Box as the owner of the database. Before publishing this report, we reached out to the company to share our findings and provide guidance on how to resolve the issue."





Data Deposit Box was contacted regarding the breach on December 20, 2019. By January 6, the database on the open bucket had been secured. 





Researchers warned that the breach could have dire consequences.





"The unencrypted usernames and passwords exposed in this breach may allow malicious parties to access Data Deposit Box’s customers’ accounts," wrot ..

Support the originator by clicking the read the rest link below.

deposit exposes users
Read The Rest from the original source
infosecurity-magazine.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!