V Shred exposes 1 million files with open S3 bucket (Includes interview)
Email
Password
Remember meForgot password?
    Log in with Twitter

article imageV Shred exposes 1 million files with open S3 bucket Special

Listen | Print
By Tim Sandle     Jul 8, 2020 in Technology
It has been revealed that fitness brand V Shred left the information thousands of customers on a completely unsecured AWS S3 bucket. V Shred have addressed the issue; however, there are concerns about the content of the exposed data.
With the incident, a misconfigured AWS S3 bucket at V Shred, is repored by ZDNet, to have exposed more that one million files, including persoanl data relating to some 99,000 people associated with the fitness brand’s customers. This arose because the AWS bucket was completely opened to the public.
Concerns with the type of data that has been exposed have been picked up by Balbix CTO Vinay Sridhara. The analyst is concerned with one of the responses from V Shred about the exposed data not being seen as important. Sridhara explains that just because information does not “seem” important this does not mean that the data cannot be used by hackers.
Sridhara says this is down to the nature of the environment within which the data was held: "The challenge of cloud environments is that the chance of misconfigurations greatly increases, and many organizations assume that major third-party providers have strong default security standards."
Sridhara clarifies: "Combined, these factors often lead to lax security in cloud environments. In the case of V Shred, the S3 bucket was left completely open to public access and included identifiers in the URL that made user information easily identifiable. Perhaps even more concerning is that V Shred responded to the vulnerability by saying they it was necessary to have the files open and that no personal identifiable information was exposed."
With this point, Sridhara notes: "Though some information may seem “harmless,” any compromised data can increase the chances of a highly targeted (and effective) phishing scheme, making it easier for hackers to track and compromise people online. Only implementing security measures that can monitor risk in cloud environments will ensure that the public is fully protected.”
More about Cybersecurity, Data loss, Personal data
 
Latest News
Top News