Researchers have found that a popular photo app has lost thousands of customers' personal information and pictures due to unsecured storage space from Amazon Web Services (AWS).
The discovery was made by vpnMentor, whose researchers found that a The misconfigured PhotoSquared S3 database, which creates printed photo boards from customers' digital images, was left online without password protection.
The S3 database stored 94.7 GB of data and as of November 2016 contained over 10,000 data sets by January 2020. User photos, order records, receipts and shipping labels were uncovered as a result of the data leak.
Because the full names and shipping addresses of PhotoSquared customers were available online, any hacker could use this information to launch an attack on them.
PhotoSquared data leak
According to vpnMentor, PhotoSquared's reputation could suffer from the data leak and t The company could also face compliance fines. In addition, in its investigation report, vpnMentor noted that PhotoSquared customers could be targeted by both hackers and thieves, and said:
This information could be used to plan robberies on the homes of PhotoSquared users , In the meantime, PhotoSquared customers could also target online theft and fraud. Hackers and thieves could use their photos and home addresses to identify them on social media and find their email addresses, or other personal information (PII) that could be used fraudulently. “
The data leak was found by a simple port scan exercise. Fortunately, PhotoSquared was able to fix the leak just 1
Via Infosecurity Magazine