Indian Marketing Firm FormGet Publicly Exposed Users’ Documents Via Unsecured Server

  • 2

Once again, a firm has breached users’ privacy by exposing customers data publicly via an unsecured cloud server. This time, it is an Indian marketing firm ‘FormGet’ that inadvertently exposed users’ sensitive documents online via an unsecured Amazon S3 storage bucket.

FormGet Exposed Users Documents

Reportedly, the Bhopal-based email marketing service and online form maker FormGet had a security lapse. The company leaked a bulk of sensitive documents of its customers from an unsecured cloud server.

The problem first caught the attention of a researcher who later reported the issue to TechCrunch. Further investigation revealed that the firm actually left “hundreds of thousands of files” on an unprotected Amazon S3 bucket. The leaked data included information dating back to 2013 in a well-organized form. It also included sensitive personal information of the users. Such as,

  • Scanned documents of the users including scanned passports, driver’s licenses, Social Security numbers, identity cards.
  • Certification letters of former veterans from Veteran Affairs.
  • Bank accounts statements, bills, and other proofs of residency.
  • Mortgage and loan details.
  • Sensitive corporate documents related to cybersecurity assessment.
  • UPS shipping labels.
  • Detailed resumes.
  • Invoices for billed services.
  • Receipts for airline and hotel bookings.

All these details uploaded by the users were present in year-wise folders and subfolders on the server. Thus, it was quite easy for a perpetrator to get well-sorted year-wise users’ records all at once.

No Comment From The Firm Yet

After receiving the report regarding the security lapse, TechCrunch reached out to FormGet to inform them of the matter. The firm subsequently pulled the database offline. However, TechCrunch didn’t hear back from the firm in response to their emails.

Recently, a Brazilian financial service also exposed huge records online. The total exposed data summed up to 250GB that included details of customers of various local banks, including Banco Pan.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!