Indian Marketing Firm FormGet Publicly Exposed Users’ Documents Via Unsecured Server

Once again, a firm has breached users’ privacy by exposing customers data publicly via an unsecured cloud server. This time, it is an Indian marketing firm ‘FormGet’ that inadvertently exposed users’ sensitive documents online via an unsecured Amazon S3 storage bucket.

FormGet Exposed Users Documents

Reportedly, the Bhopal-based email marketing service and online form maker FormGet had a security lapse. The company leaked a bulk of sensitive documents of its customers from an unsecured cloud server.

The problem first caught the attention of a researcher who later reported the issue to TechCrunch. Further investigation revealed that the firm actually left “hundreds of thousands of files” on an unprotected Amazon S3 bucket. The leaked data included information dating back to 2013 in a well-organized form. It also included sensitive personal information of the users. Such as,

  • Scanned documents of the users including scanned passports, driver’s licenses, Social Security numbers, identity cards.
  • Certification letters of former veterans from Veteran Affairs.
  • Bank accounts statements, bills, and other proofs of residency.
  • Mortgage and loan details.
  • Sensitive corporate documents related to cybersecurity assessment.
  • UPS shipping labels.
  • Detailed resumes.
  • Invoices for billed services.
  • Receipts for airline and hotel bookings.

All these details uploaded by the users were present in year-wise folders and subfolders on the server. Thus, it was quite easy for a perpetrator to get well-sorted year-wise users’ records all at once.

No Comment From The Firm Yet

After receiving the report regarding the security lapse, TechCrunch reached out to FormGet to inform them of the matter. The firm subsequently pulled the database offline. However, TechCrunch didn’t hear back from the firm in response to their emails.

Recently, a Brazilian financial service also exposed huge records online. The total exposed data summed up to 250GB that included details of customers of various local banks, including Banco Pan.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients