A “secure” cloud storage provider not so “secure” for customers after all.
Another day, another data breach – This time, researchers have identified a massive trove of data exposed on an unprotected Amazon S3 bucket.
The worse part of it is that anyone with an Internet connection could access the data since it was left without any security authentication.
According to vpnMentor‘s research team, the database was owned by Data Deposit Box., a Canadian secure cloud storage provider. An in-depth analysis by the team revealed that the misconfigured S3 bucket contained around 270,000 personal files uploaded by the company’s customers using its secure cloud storage service.
The worrisome part is that among other sensitive data such as usernames, passwords, IP addresses, email addresses and globally unique identifiers for resources (GUIDs), the database also contained PII (personally identifiable information) of customers – All in plain-text format.
Combined screenshots of exposed data (Via vpnMentor)
Although it is unclear if the database was accessed by third-party with malicious intent, if it was, it exposes customers to real-life blackmailing, extortion, and identity theft-related scams. An attacker can also use exposed login credentials to hack victims’ accounts on other websites in case they are using the same password.
Nevertheless, this, not only puts their social media and personal email accounts at risk, but also opens doors for crooks to distribute malware among their contacts.
As for Data Depo ..
Support the originator by clicking the read the rest link below.
