Security researchers Noam Rotem and Ran Locar from security firm vpnMentor discovered a misconfigured AWS S3 bucket exposing sensitive files related to SSL247, a reseller of internet security products. The leaky database exposed the personal information of up to 350,000 customers (150 GB), who made purchases through SSL247 between 2012-2020. The data breach affected customers in South America, the Middle East, North America, Europe, and Africa.
According to the research, the S3 bucket contained over 465,000 files, and due to misconfigured permissions and privacy settings, the data was exposed to the public. SSL247 used this database to host various files and documents of its customers including, invoices, purchase orders, account documents, and customer lists in CSV format.
The exposed documents hold various forms of Personally Identifiable Information (PII) of private individuals and companies using SSL247’s services. The exposed PII data included full names, email addresses, contact numbers, personal and business addresses, company details, profile photos, credit filings, financial data, and SSL247 account information like account ID, start dates, and products purchased.
“Many of these files would have been publicly available, and any risk from them being exposed minimal. However, the fact that they were stored on an unsecured S3 bucket alongside significantly more sensitive records may further damage SSL247’s reputation,” vpnMentor stated.
Issues with Exposed Data
Leaked data is prone to various security risks if it is obtained by threat actors. “Using the details of individual customers, hackers could create effective phishing emails impersonating SSL247 to commit corporate mail fraud, e.g., posing as SSL247 and sending their customers an invoice with the hacker’s bank account number. They could also trick victims into providing credit card details and other sensitive, valuable information used to steal from them. The same emails could be used to embed malware, spyware, and other malicious software on an SSL247 customer’s devices,” vpnMentor added.
Misconfigurations Increase the Risks
A similar survey, “The State of Cloud Security 2020,” revealed that inadvertent database exposure continues to be a major risk for organizations, with misconfigurations exploited in 66% of reported attacks. Besides, 33% of organizations reported that attackers gained access through stolen cloud provider account credentials. A quarter of organizations stated that managing access to cloud accounts is a primary concern to them. Nearly 96% of respondents admitted that they face issues with their current level of cloud security, while 44% of respondents reported data breaches are the top security concern. Only one in four respondents stated lack of staff expertise as a top concern.