Information Security News mailing list archives
Customer data from fitness firm V Shred exposed on misconfigured cloud storage
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 8 Jul 2020 13:21:54 +0000 (UTC)
https://siliconangle.com/2020/07/02/customer-data-fitness-company-v-shred-exposed-misconfigured-cloud-storage/ By Duncan Riley SiliconAngle.com July 2, 2020Data relating to at least 99,000 customers of fitness company V Shred LLC has been exposed online in yet another case of misconfigured cloud storage.
Discovered by security researchers Noam Rotem and Ran Locar at vpnMentor and reported today, the unsecured data was found in an Amazon Web Services Inc. S3 bucket. The data, which came in at a sizable 606 gigabytes, included about 1.3 million files relating to V Shred customers.
The database included full names, home addresses, email addresses, phone numbers, birthdays, Social Security numbers, spouse names, social media accounts, gender, health conditions, age range, citizenship status, usernames and passwords. The database also included account profile photos, “revealing” before and after photos and custom meal plans.
The exposed database was discovered on May 14, with V Shred contacted May 18. After no response from the company, the researchers then contacted AWS May 20. AWS responded June 1 and the database was taken offline June 18.
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ Follow InfoSec News on Twitter https://twitter.com/infosecnews_ Follow InfoSec News on LinkedIn https://www.linkedin.com/company/infosecnews/
Current thread:
- Customer data from fitness firm V Shred exposed on misconfigured cloud storage InfoSec News (Jul 08)