Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Customer data from fitness firm V Shred exposed on misconfigured cloud storage

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 8 Jul 2020 13:21:54 +0000 (UTC)
https://siliconangle.com/2020/07/02/customer-data-fitness-company-v-shred-exposed-misconfigured-cloud-storage/

By Duncan Riley
SiliconAngle.com
July 2, 2020
Data relating to at least 99,000 customers of fitness company V Shred LLC has been exposed online in yet another case of misconfigured cloud storage.
Discovered by security researchers Noam Rotem and Ran Locar at vpnMentor and reported today, the unsecured data was found in an Amazon Web Services Inc. S3 bucket. The data, which came in at a sizable 606 gigabytes, included about 1.3 million files relating to V Shred customers.
The database included full names, home addresses, email addresses, phone numbers, birthdays, Social Security numbers, spouse names, social media accounts, gender, health conditions, age range, citizenship status, usernames and passwords. The database also included account profile photos, “revealing” before and after photos and custom meal plans.
The exposed database was discovered on May 14, with V Shred contacted May 18. After no response from the company, the researchers then contacted AWS May 20. AWS responded June 1 and the database was taken offline June 18. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/
Previous By Date Next
Previous By Thread Next

Current thread: