Misconfigured AWS Bucket Exposes Hundreds of Social Influencers
Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine
A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers.
A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently yet to be taken by the company responsible, Barcelona-based “social commerce” company 21 Buttons.
For a commission, influencers upload their photos to the firm’s app and link to the e-commerce stores where users can buy the clothes they’re wearing.
Fashion social network 21 Buttons exposes user data via unsecured cloud storage
SHARE
21 Buttons La Plataforma APP S.L., a Spain-based technology startup that offers a fashion social network and clothing shop, has suffered a data breach with the records of its users found exposed online.
Discovered and publicized today by researchers led by Noam Rotem at vpnMentor, the data was found on an unsecured Amazon Web Services Inc. S3 cloud storage bucket. It included 50 million pieces of data, including social media posts and profiles, invoices, full names, addresses, postal codes, bank details, nation ID numbers, PayPal email addresses and in some cases the value of sales commission earned through the app.