Marketing Firm Exposes Lead Data
Security researchers at Website Planet have discovered an unsecured Amazon S3 bucket containing the personally identifiable information (PII) of millions of people.
Inside the bucket were ten folders, containing around 6,000 files and totaling over 1GB of data. While most (approximately 99%) of the data belongs to American residents, some information relates to people living in Canada.
In a blog post detailing the security failure, researchers claim that the unsecured bucket is the property of Beetle Eye, a marketing and CRM company based in Sarasota, Florida.
“We know that Beetle Eye owns the misconfigured Amazon S3 bucket because of references to the company inside the bucket,” wrote the researchers.
Beetle Eye’s clients include the Hilton Sandestin Beach, the Marigot Bay resort, Grand Junction Colorado and Miles Partnership.
Researchers said the PII was publicly accessible to all internet users because the bucket had not been configured correctly. No password protection or encryption had been implemented to secure its contents.
Exposed records contained several forms of PII including names, phone numbers, email addresses and mailing addresses. Researchers were also able to access answers individuals had given to survey questions.
“Specifically, this data relates to the ‘leads’ of the companies using Beetle Eye’s marketing automation platform,” wrote researchers. “In other words, the data exposed most likely belongs to potential customers of Beetle Eye’s clients.”
Three different datasets (Unnamed leads, GoldenIsles.com leads and Colorado.com leads) were found inside the bucket.
Researchers estimated that the PII of around seven million unique users was exposed in this data breach.
“This estimate is based on a sample of roughly 0.124GB of .csv files, taking duplicates into account,” they stipulated.
After discovering the open bucket on September 9, 2021, Website Planet sent a responsible disclosure of the data breach to Beetle Eye and its parent company, Atlantis Labs, on the same day. The researchers also disclosed the breach to AWS and the USA Computer Emergency Response Team (CERT).
“We suggest Beetle Eye (and companies in general) always double-check their databases to make sure they are secure,” said the researchers.
“It’s also advised companies assess the security of their databases at regular intervals.”
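One way to run the regular check the researchers recommend, as an added example that is not code from Website Planet or Beetle Eye: an offline audit of a bucket's configuration snapshot for the two conditions the article reports, public access and missing encryption. The article does not say how the bucket was exposed, so the ACL and policy paths checked here are assumptions; the snapshot keys (`public_access_block`, `acl_grants`, `policy`, `encryption_rules`) and the bucket name are hypothetical, with values shaped like what the S3 API returns.

```python
import json

PUBLIC_GROUPS = {  # predefined S3 groups covering anonymous or any-AWS callers
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _wildcard(principal):
    """True when a policy Principal matches every caller."""
    if principal == "*":
        return True
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return "*" in ([aws] if isinstance(aws, str) else aws)

def audit_bucket(cfg):
    """Return a list of findings for one bucket's configuration snapshot."""
    findings = []
    pab = cfg.get("public_access_block") or {}
    # IgnorePublicAcls neutralises public ACL grants already on the bucket.
    if not pab.get("IgnorePublicAcls"):
        for grant in cfg.get("acl_grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append(f"public ACL grant: {grant['Permission']}")
    # RestrictPublicBuckets cuts off anonymous access through a public policy.
    if cfg.get("policy") and not pab.get("RestrictPublicBuckets"):
        statements = json.loads(cfg["policy"]).get("Statement", [])
        for st in [statements] if isinstance(statements, dict) else statements:
            # Simplification: any Condition is treated as restricting access.
            if (st.get("Effect") == "Allow" and _wildcard(st.get("Principal"))
                    and not st.get("Condition")):
                findings.append(f"public policy statement: {st.get('Action')}")
    if not cfg.get("encryption_rules"):
        findings.append("no default encryption configured")
    return findings

# Constructed sample snapshots (not data from the incident).
_ACL = [{"Grantee": {"Type": "Group", "URI": sorted(PUBLIC_GROUPS)[0]},
         "Permission": "READ"}]
_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-leads-bucket/*"}]})
EXPOSED = {"public_access_block": None, "acl_grants": _ACL,
           "policy": _POLICY, "encryption_rules": []}
HARDENED = {"public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                    "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
            "acl_grants": _ACL, "policy": _POLICY,
            "encryption_rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}
```

The hardened snapshot keeps the same ACL and policy as the exposed one, showing that enabling Block Public Access overrides both without editing them.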