Another misconfigured Amazon Web Services (AWS) S3 cloud storage bucket has been left insecure this time exposing the sensitive data of 12,000 social media influencers, most of whom were female.
On 4 January, UpGuard researcher Chris Vickery discovered the bucket containing the real names, addresses, phone numbers, email addresses - including those specified for use with PayPal, from popular YouTube, Instagram, Twitter and Twitch users, according to a 5 February blog post.
The bucket was left exposed by the Paris-based brand marketing company Octoly which has digital brand marketing operations, across Europe and North America.
“After multiple notifications of the exposure to the affected entity, by 12 January, the damaging sql backup would be deleted from the repository,” the post said. “Remaining exposed, however, was a large amount of regularly updated spreadsheets containing personally identifiable information - data that would not be secured until 1 February, despite more notifications.”
Researchers noted that while no financial information was compromised, the leak damages the brands credibility and more importantly exposes victims to online harassment and cyber-stalking.
CyberGRX chief executive officer Fred Kneip said these types of breaches are becoming increasingly common as digital ecosystems expand and organisations trust more vendors, customers and third parties with safekeeping their data.
“Whether you're a Fortune 500 company or a YouTube star, there are hackers out there who want your data and they are working hard to identify the path of least resistance,” Kneip said. “Far too often, that path goes through a third party with access to your data.”
Kneip added that the only way to prevent this is for organisations to gain a real-time understanding of which third parties have weak security controls in place so that they can work together to mitigate potential vulnerabilities before they're exploited.