Once again, a popular photo-editing application has breached users’ privacy, consequently exposing sensitive information online. This time, the guilty application is the PhotoSquared app that leaked photos and personal data of thousands of users.
PhotoSquared App Leaked Data
Reportedly, a research duo from vpnMentor has found another leaky database online. Again, the exposed data contained sensitive private information about users.
As revealed in their report, the popular photography app PhotoSquared leaked users’ data online via an unsecured server. The researchers found an unprotected S3 bucket hosted on Amazon Web Services that belonged to PhotoSquared, an app that turns users’ photos into lightweight printed photo tiles for a fee.
The database had over a million user records ranging from November 2016 to January 2020. In total, it added up to 94.7 GB of data. Specifically, it included sensitive information such as users’ photos uploaded for editing, PDF order records and receipts, and USPS shipping labels for the delivery of edited image tiles. It also included detailed personal records of the users, including full names, delivery addresses, and order values.
The researchers fear that an adversary could exploit the leaked data for various malicious activities, including identity theft, payment card fraud, or malware attacks.
Database Now Secured, But…
The researchers found the leaky database on January 30, 2020. After verifying their findings, they informed PhotoSquared about the incident on February 4, 2020. The vendor then addressed the matter by securing the database on February 14, 2020.
The exposed server is now offline. What’s odd is that the company presently expresses no plans to inform its customers about this incident. Neither its website nor its social media accounts have shared any information in this regard. It is also not clear whether the company has informed, or plans to inform, its users about this breach via email.