Another thing we noticed is that, while the database contains no personally identifiable (written) information, like names, usernames, emails or any other details, the images all seem to contain “user IDs.”.
Given that this bucket belongs to LimitChat, which we believe is a product of FaceChance, then LimitChat users have just had their most sensitive, explicit moments leaked online for anyone who knows where to look.
Here are some examples of how potential attackers can use the data found in the unsecured Amazon S3 bucket against the owners of the exposed email addresses:Spamming 350 million email IDsCarrying out phishing attacksBrute-forcing the passwords of the email accountsAttackers can also combine the leaked email addresses with data from other breaches and build more detailed pictures of their potential targets.
CyberNews received information from reader Jake Dixon, a security researcher with Vadix Solutions, who discovered an unsecured Amazon Simple Storage Solution (S3) database containing more than 31,000 images of users’ passports, driver’s licenses, evidence of age documents, and more.
JailCore was left unsecure and unencrypted on an Amazon server, impacting locations in Florida, Kentucky, Missouri, Tennessee and West Virginia The bucket was discovered by vpmMentor on January 3rd, but was not closed until nearly two weeks later.
Medico, Inc.’s IT vendor’s error left at least two Amazon buckets unsecured More than 300,000 files contained protected health information related to patient billing, complete with insurance information and treatment codes Leaks were independently discovered by at least three researchers using different search methods It’s been a rough few months in terms of business associates or third parties disclosing breaches of protected health information.
According to a new report by the security researchers at UpGuard, a Washington-based ISP by the name of Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for months.