The IT security researchers at Website Planet discovered what they dubbed as a ‘large data breach,’ impacting a US-based marketing automation firm, Beetle Eye.
As per Website Planet’s blog post, an estimated seven million people were affected by the data exposure. This included their names, emails, phone numbers, and addresses.
A majority of Beetle Eye’s customers were American nationals, but many customers were Canadian. Presumably, the exposed databases were part of leads that Beetle Eye customers used for digital marketing purposes.
Misconfigured AWS S3 Bucket
In a blog post, researchers stated that a misconfigured Amazon Web Services’ S3 bucket was responsible for exposing over 6k files or 1 GB worth of data. The bucket was left without any password protection and encryption.
According to researchers, around ten different folders were discovered in Beetle Eye’s exposed bucket, and each file in these folders contained data of at least one client.
Three Datasets Identified
There were three different datasets on the bucket, namely, Colorado.com leads, GoldenIsles.com leads, and Unnamed leads. Reportedly, the exposed data sets contained different kinds of personally identifiable information (PII).
For instance, Unnamed leads included full names (first name and surname) of the lead, current/previous addresses, current/previous ZIP codes, and current/previous cities.
GoldenIsles.com leads files contained more PII, such as full names, addresses, email IDs, phone numbers, company names, data collection-related details, and survey responses.
Colorado.com leads files contained full names, addresses, email IDs, and survey answers and questions about Colorado.com magazine subscriptions.
It is yet unclear whether the database was accessed by a third party with malicious intent such as ransomware gangs or threat actors. But in case it did, it would be devastating for Beetle Eye as it exposes customers and employees to the risk of online scams, phishing campaigns, and malware infection.
Good news
Although, the database was identified last year in September the details of it were only shared by the researchers recently. Nevertheless, the good news is that Beetle Eye was quick to secure its database upon receiving alerts from Website Planet.
More database mess up news
Leaky database exposes fake Amazon product reviews scam
Hacker steals govt database with info of entire Argentine population
Ghana govt agency exposed 700k citizens’ data in a database mess up
Household data of 35 million US residents exposed in database mess up
Stripchat database mess up exposes 200M adult cam models, users’ data