The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US user records, including their full names, email and street addresses, phone numbers and ZIP codes.
The database was left on a publicly accessible Amazon Web Services (AWS) server, allowing anyone to access and download the data. Following the 350 million email leak covered by CyberNews earlier in August, this is the second time this summer we encountered an unsecured Amazon bucket containing such massive amounts of user data.
On July 29, the exposed View Media bucket was closed by Amazon and is no longer accessible.
To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.
What data is in the bucket?
The publicly available Amazon S3 bucket contained 5,302 files, including:
700 statement of work documents for targeted email and direct mail advertising campaigns stored in PDF files
59 CSV and XLS files that contained 38,765,297 records of US citizens in total, of which 23,511,441 records were unique
The user record files were created based on locations and ZIP codes that the marketing company’s campaigns were targeting and contained full names, addresses, zip codes, emails, and phone numbers of people based in the US.
Aside from the statement of work documents and user records, the bucket contained thousands of files for various marketing materials, such as banner advertisements, newsletters, and promotional flyers.
Examples of exposed records
Here are some examples of the user records and statement of work documents left on th ..
Support the originator by clicking the read the rest link below.
