An expected around 36,000 Inmate Records of Social Influencers been exposed due to AWS Misconfigured

Nowadays, cloud service has become an important service to a lot of organisation’s, especially to those social media influencers. However, personal details of hundreds of social influencers have been exposed to the public which will lead them to a risk of harassment and fraud only due to a misconfigured cloud.

Early November this year, AWS S3 bucket found been wide open to the public with no protection been implemented either encryption or password protected which it discovered by vpnMentor’s team.

The personally identifiable information (PII) that been exposed can be seen as follows:

  • Full Names
  • Postal Codes
  • Bank Details
  • PayPal Email Address
  • Value of Sales Commissions

The victims that caught in the data leak is been listed as below:

  • Carlota Weber Mazuecos
  • Freedy Cousin Brown
  • Marion Caravano
  • Irsa Saleem
  • Danielle Metz

A representative from JailCore have claimed in the website

That most of the leaked records were for fake inmates and were only created to test the application’s functionality. The representative admitted that a few of the leaked files did contain data on actual inmates, but said that these records did not reveal sensitive information.

The effect of the Misconfigured AWS can lead to the worst cases where the exposed data would be a simple human error rather than an attack from outside such as an attacker

Aside of that, vpnMentor also claimed here that

If somebody shared the invoices publicly, bad actors would have plenty of material to identify any private accounts held by influencers, as well as their homes and workplaces

They continued

This doesn’t just make the people affected vulnerable to phishing and fraud. They’re also at risk from an invasion of privacy, doxing, stalking and harassment – both online and offline

Source: Report – Online Fashion App Exposes Financial Records of Top European Influencers

Any organization can easily prevented the same thing happen to them by taken some basic security measures such as:

  • Harderning the servers and implemented a proper acess rules
  • Don’t expose any system to the internet that doesn’t implemented a proper authentication (MFA or 2FA)

Reference:

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *