Online marketing company View Media’s unsecured database, which held 38 million U.S. users’ data, was recently exposed online. According to researchers from CyberNews, the database was hosted on a misconfigured Amazon Web Services (AWS) server, allowing anyone to access users’ personal data like full names, email addresses, residence details, phone numbers, and ZIP codes.
Data Breach Threat
The leaky server contained 5,302 files, including 700 statement of work documents stored in PDF files and 59 CSV and XLS files that contained 38,765,297 records of the U.S. citizens. In addition, the bucket contained tens of thousands of various marketing files like banner advertisements, newsletters, and promotional flyers.
Though the leaky database is now secured, it is unclear whether any threat actors have accessed the data before.
Even though the data in the unsecured server did not contain sensitive or financial information like social security numbers (SSNs) or credit card details, hackers can still make use of the available personal details for various malicious activities.
“Scammers can use the names, email addresses, and phone numbers of the exposed people for a wide variety of fraudulent schemes. Simple contact details can be enough for spammers and phishers to launch targeted attacks against 38+ million exposed Americans from multiple angles, such as robocalls, text messages, emails, and social engineering campaigns. Determined cybercriminals can combine the data found in this bucket with other data breaches to build profiles of potential targets for identity theft,” the researchers said.
A cloud security survey by cybersecurity firm Sophos revealed that 70% of organizations suffered at least one public cloud security breach in 2019, with misconfigurations exploited in 66% of reported attacks. The survey report titled “The State of Cloud Security 2020” stated that 50% of organizations that use multi-cloud environments are more likely to suffer a cloud security incident than those using a single cloud. Besides, 33% of organizations reported that attackers gained access through stolen cloud provider account credentials. A quarter of organizations stated that managing access to cloud accounts is a primary concern to them. Nearly 96% of respondents admitted that they face issues with their current level of cloud security, while 44% of respondents reported data breaches are the top security concern. Only 1 in 4 respondents stated lack of staff expertise as a top concern.