BreachExchange mailing list archives
Fitness firm V Shred exposes 606 GB worth of sensitive customer data
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 7 Jul 2020 08:44:13 -0500
https://www.hackread.com/fitness-firm-v-shred-leaks-606-gb-customer-data/ Another day, another data breach. This time, V Shred, a fitness, nutrition, and supplement brand has exposed personal and sensitive data of almost 100,000 customers and trainers. The breach took place because of a misconfigured Amazon Web Service (AWS) S3 bucket that exposed 606 GB worth of data without any password or security authentication to public access. The trove of exposed data included: Age Gender Full names Date of birth Spouse names Email address Phone numbers Home addresses Health conditions Citizenship status Social security number Social media accounts Username and password It doesn’t end here. According to vpnMentor, the company that identified the database and shared their report with Hackread.com, users’ Personally identifiable information (PII), profile photos including “very revealing ‘before and after’ body photos” of customers in the United States were also exposed to public access. Although it is unclear if the data was accessed by third-party with malicious intent, if it did, the damage has already been done. For instance, V Shred users are now exposed to online as well as physical scams including phishing, identity theft, and blackmailing. V Shred could potentially lose a lot of customers and followers due to this data breach. People may be reluctant to trust a company that doesn’t sufficiently protect their most private and sensitive data, said vpnMentor’s researchers in a blog post. The researchers warned that the exposed data can also be used by V Shred’s competitors for negative marketing. Therefore, if you are a V Shred’s customer it is time to get in touch with the company and inquire about the data breach. Furthermore, change the password of your email address along with social media accounts. Keep an eye on suspicious emails as cybercriminals can now target you with phishing or malware attacks. For database administrators, it is advised to scan for misconfiguration regularly and implement proper security authentication on their databases. Usually, small businesses would assume that no attacker would be on their throats seeing the low theft potential they present and how they being hacked would be akin to catching a needle in a haystack. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Fitness firm V Shred exposes 606 GB worth of sensitive customer data Destry Winant (Jul 07)