Once again, a firm has breached users’ privacy by exposing customers data publicly via an unsecured cloud server. This time, it is an Indian marketing firm ‘FormGet’ that inadvertently exposed users’ sensitive documents online via an unsecured Amazon S3 storage bucket.
FormGet Exposed Users Documents
Reportedly, the Bhopal-based email marketing service and online form maker FormGet had a security lapse. The company leaked a bulk of sensitive documents of its customers from an unsecured cloud server.
The problem first caught the attention of a researcher who later reported the issue to TechCrunch. Further investigation revealed that the firm actually left “hundreds of thousands of files” on an unprotected Amazon S3 bucket. The leaked data included information dating back to 2013 in a well-organized form. It also included sensitive personal information of the users. Such as,
- Scanned documents of the users including scanned passports, driver’s licenses, Social Security numbers, identity cards.
- Certification letters of former veterans from Veteran Affairs.
- Bank accounts statements, bills, and other proofs of residency.
- Mortgage and loan details.
- Sensitive corporate documents related to cybersecurity assessment.
- UPS shipping labels.
- Detailed resumes.
- Invoices for billed services.
- Receipts for airline and hotel bookings.
All these details uploaded by the users were present in year-wise folders and subfolders on the server. Thus, it was quite easy for a perpetrator to get well-sorted year-wise users’ records all at once.
No Comment From The Firm Yet
After receiving the report regarding the security lapse, TechCrunch reached out to FormGet to inform them of the matter. The firm subsequently pulled the database offline. However, TechCrunch didn’t hear back from the firm in response to their emails.
Recently, a Brazilian financial service also exposed huge records online. The total exposed data summed up to 250GB that included details of customers of various local banks, including Banco Pan.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Microsoft December Patch Tuesday Addressed Zero-Day Under Active Exploit - December 13, 2019
- Microsoft Phishing Attack Bypasses Security By Creating Local Login Form - December 9, 2019
- The Spotify Phishing Attack That Tricks Users Through Fake Failed Payment Notices - December 9, 2019