Plastic surgery company leaks images of 100,000s of customers

Plastic surgery company leaks images of 100,000s of customers

Another day, another data breach – This time, a plastic surgery technology company has leaked highly sensitive data and as usual, victims of the breach are unsuspecting customers.


About a month ago on 24 January, a team of researchers from vpnMentor discovered a new data breach that led to the media data of thousands of plastic surgery patients to be exposed.


To discover how this happened, let’s look at NextMotion, a company found in 2015 that provides over 170 clinics globally with a variety of services including data management, digitalization of all documentation and patient records, marketing, photography & videography.


See: Hackers Leak Thousands of Naked Photos of Plastic Surgery Patients


To achieve this, it has to store thousands of images online which are confidential and even may involve specific body parts making these records even more sensitive. It does so via its own proprietary software with the claim that “all your data is covered with the highest requested security level” in compliance with the GDPR regulation and other laws.

However, a look at its database on Amazon Web Services (AWS) revealed the very opposite. Within an S3 bucket, it was found completely insecure without any access control mechanism whatsoever making Trump’s security measures on his iPhone look great.


Since the database was named after the company itself, it did not take long to find out who owned it as well. This, according to vpnMentor’s blog post all ..

Support the originator by clicking the read the rest link below.