
A popular photo app has leaked the personal data and images of thousands of customers via an unsecured Amazon Web Services (AWS) storage bucket, it has emerged.

Researchers at vpnMentor discovered that the misconfigured S3 database, which was left without any password protection, belonged to PhotoSquared, a company that creates printed photo boards for users who send in their digital images.

They found a 94.7GB trove containing over 10,000 records dating from November 2016 to January 2020. The data included user photos, order records, receipts and shipping labels.

As such, a hacker with access to the database could harvest customers' full names and home delivery addresses.

This presents not only a reputational risk and possible compliance fines for PhotoSquared, which vpnMentor notes is operating in a crowded marketplace, but also a serious security risk for its customers.

This could include follow-on phishing and identity fraud as well as potential physical attacks.

“By combining a customer’s home address with insights into their personal lives and wealth gleaned from the photos uploaded, anyone could use this information to plan robberies of PhotoSquared users’ homes,” argued vpnMentor.

“Meanwhile, PhotoSquared customers could also be targeted for online theft and fraud. Hackers and thieves could use their photos and home addresses to identify them on social media and find their email addresses, or any more Personally Identifiable Information (PII) to use fraudulently.”

Discovered by a simple port scanning exercise, the leak was eventually fixed by PhotoSquared on February 14, 10 days after the firm was contacted by the researchers.

The app has over 100,000 installs on Google Play.

PhotoSquared joins multiple other brands that vpnMentor has found to have leaked data in a similar way, including Yves Rocher, Freedom Mobile and LightInTheBox.
