An alarming aspect of the entire incident is that vpnMentor contacted both 21 Buttons and Amazon but no one responded nor cared to secure the data.
There are different platforms that have carved out a niche for themselves on the internet. 21 Buttons with over 5 million downloads on Android happens to be one such social network that is primarily geared towards the fashion industry.
It allows users to share their content and also features e-commerce capabilities to sell clothes. In the latest though, there isn’t good news about them. As discovered by vpnMentor on 2 November 2020 in a research report led by Noam Rotem, it has been found that its app has exposed the data of hundreds of influencers due to an AWS bucket being misconfigured.
Overall, the data stored was of over 50 million files which exposed sensitive info including full names, addresses, financial information such as bank account numbers, PayPal email addresses, photos, and videos. Many of these though were already published on the app for everyone to see even before the breach.
[See: Cosmetic giant Natura leaks data again; this time 19 million Avon records]
However, it did make data extraction much easier for malicious actors, and amongst these, certain invoices were also found which showed how much the company had paid in commissions to notable influencers on the platform, said the report vpnMentor shared with Hackread.com.
Furthermore, the personally identifiable information (PII) exposed could be used by future threat actors to engage in phishing an ..
Support the originator by clicking the read the rest link below.
