Nowadays, cloud service has become an important service to a lot of organisation’s, especially to those social media influencers. However, personal details of hundreds of social influencers have been exposed to the public which will lead them to a risk of harassment and fraud only due to a misconfigured cloud.
Early November this year, AWS S3 bucket found been wide open to the public with no protection been implemented either encryption or password protected which it discovered by vpnMentor’s team.
The personally identifiable information (PII) that been exposed can be seen as follows:
- Full Names
- Postal Codes
- Bank Details
- PayPal Email Address
- Value of Sales Commissions
The victims that caught in the data leak is been listed as below:
- Carlota Weber Mazuecos
- Freedy Cousin Brown
- Marion Caravano
- Irsa Saleem
- Danielle Metz
A representative from JailCore have claimed in the website
That most of the leaked records were for fake inmates and were only created to test the application’s functionality. The representative admitted that a few of the leaked files did contain data on actual inmates, but said that these records did not reveal sensitive information.
The effect of the Misconfigured AWS can lead to the worst cases where the exposed data would be a simple human error rather than an attack from outside such as an attacker
Aside of that, vpnMentor also claimed here that
If somebody shared the invoices publicly, bad actors would have plenty of material to identify any private accounts held by influencers, as well as their homes and workplaces
This doesn’t just make the people affected vulnerable to phishing and fraud. They’re also at risk from an invasion of privacy, doxing, stalking and harassment – both online and offline
Any organization can easily prevented the same thing happen to them by taken some basic security measures such as:
- Harderning the servers and implemented a proper acess rules
- Don’t expose any system to the internet that doesn’t implemented a proper authentication (MFA or 2FA)