Misconfiguration of Amazon AWS Web Services leaves half a million customers exposed

Date: 17th June 2021

Severity: High

Nearly half a million of cosmetics customers on Amazon Web Services were in for a shock when a misconfigured cloud storage account exposed their personal data to the hackers. The leak of Amazon’s S3 bucket to popular Turkish beauty products firm, Cosmolog Kozmetik was traced by a research team at reviews site, WizCase.

The 20 GB leak contained approximately 95000 files, which included thousands of Excel files containing personal information of 5,67,000 unique users who bought products across multiple e-commerce platforms. As per the report, the data had no mention of payment information and only had the customers’ full names, addresses and purchase details and phone numbers and email IDs of few customers.

Since the oldest orders dated to 2019, it is quite clear that the database was updated on a consistent basis. WizCase issued a warning that if the attackers managed to find and copy the leaked data, the shoppers would be at risk of phishing and fraud or perhaps refund scams that loom large in such scenarios. This is one of the innovative ways of trapping customers. The only seeming way to stop such attacks is to provide as less information as the customers can on such platforms and mitigate risks.

Source: WizCase

Check Also

Hackers access personal data of 79,400 customers of local mobile operator and internet service provider in Singapore

Date: 10th September 2021 Severity: High A local mobile operator & internet service provider confirmed …

Leave a Reply

Your email address will not be published.