FormGet security lapse exposed thousands of sensitive user-uploaded documents

[InfoSec News <alerts () infosecnews org>]

https://techcrunch.com/2019/07/25/formget-security-lapse-exposed-documents/

By Zack Whittaker
TechCrunch
July 25, 2019

If you’ve used FormGet in the past few years, there’s a good chance we know 
about it.

FormGet bills itself as an online form maker and email marketing company based 
in Bhopal, India. The company allows its 43,000 customers to create online 
forms so others can submit their resumes or apply for a job, or provide proof 
of address or employment, buy goods online and more.

How do we know? Because the company left one of its cloud storage servers 
online and exposed without a password.

An anonymous security researcher found FormGet’s exposed Amazon S3 storage 
bucket and informed TechCrunch in the hope of getting the data secured. FormGet 
pulled the bucket offline overnight after we reached out to the company on 
Wednesday. But the company’s founder and chief executive Neeraj Agarwal did not 
respond to several emails and follow-ups requesting comment.

The storage bucket was packed with hundreds of thousands of files and 
documents. The storage bucket had a folder for each year dating back to 2013 
and contained sub-folders for each month, filled with user-uploaded documents.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_