Login

Register

Login

Register

V Shred Exposes Pics and PII on 100,000 Customers | #infosec | #comptia | #cybersecurity | #informationsecurity


Nearly 100,000 customers have had their sensitive personal data and revealing photos exposed online after a US-based fitness company misconfigured an Amazon database.

Las Vegas-headquartered V Shred left the S3 bucket containing over 1.3 million individual files publicly accessible, according to vpnMentor.

The research team discovered the leak on May 14 but it took a whole month for the company to disable access to the offending files. Initially, V Shred apparently claimed it was necessary for user files to be publicly available and denied that any PII data had been exposed. Once informed, it removed the PII but said it was leaving the other files publicly accessible, according to vpnMentor.

The 606GB trove contained three CSV files with PII on over 96,000 users, featuring full names, home and email addresses, phone numbers, birth dates, social security numbers, social media accounts, usernames and passwords, health conditions and more.

The database also contained meal plans, profile photos and “before and after” body photos for some customers, as well as details on 52 trainers, according to the report.

“Using the PII data exposed through the S3 bucket, malicious hackers and cyber-criminals could create very effective phishing campaigns targeting V Shred customers,” vpnMentor claimed.

“If the CSV files contained the social security numbers of any individuals, this would be a goldmine for cyber-criminals. They could utilize such information for a wide range of fraud and wholesale identity theft.”

Users could also be blackmailed with threats to release their before and after photos, it added.

The firm discovered V Shred’s misconfigured S3 bucket as part of a broader web mapping project which has already revealed multiple leaks, exposing hundreds of millions of sensitive records.

These include fitness tech firm Kinomap which accidentally leaked 42 million records, sports retailer Decathlon, which leaked 123 million, and a British printing company which may have exposed military secrets.

Click here for the original Source.

______________________________________________________________________________________________

Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

.  .  .  .  .  .  . .  .  .  .  .  .  .  .  .  .   .   .   .    .    .   .   .   .   .   .  .   .   .   .  .  .   .  .





Source link
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW