2021-01-19

Cloud Config Error Exposes X-Rated College Pics

A cloud misconfiguration at a now-defunct social media app has exposed hundreds of thousands of files, including explicit photos of users that they thought had been deleted, according to vpnMentor.

A research team led by Noam Rotem discovered the AWS S3 bucket on October 13 last year, tracing it back to Fleek and owner Squid Inc.

The app apparently marketed itself as an uncensored alternative to Snapchat “Campus Stories.” A hit with US college students, it promised to automatically delete photos after a short period, encouraging users to post salacious pics of themselves engaged in sexually explicit and illegal activities.

However, as the researchers found, many photos were not deleted at all — in fact, they were still being stored long after the app was closed down in 2019.

“Many of these were shared in folders given offensive and derogatory names like ‘asianAss’ by the app’s developers,” vpnMentor explained.

“Fleek users were mostly college students naive of the implications of uploading images that show them engaging in embarrassing and criminal activities, such as drug use. If cyber-criminals obtained these images and knew how to find the people exposed, they could easily target them and blackmail them for large sums of money.”

In total, the research team found around 377,000 files in the 32GB bucket. This also included photos and bot scripts which it’s believed relate to a paid chat room service the app’s owners were trying to promote to users.

To encourage male users, the app’s owners appear to have created numerous bot accounts using images of women scraped from the internet. To ‘chat’ to these bots, users would have to pay a fee.

Having contacted both Squid Inc’s founder and AWS to notify them of the privacy snafu, vpnMentor found the bucket had been secured about a week after it was discovered. However, it’s unclear whether the data has been deleted or not.

“Never share anything you’d be embarrassed about online — few systems are 100% secure from hacking, leaks, or dishonest people saving incriminating images to hurt you in the future,” warned vpnMentor.

“It's also important to know what happens to your data after a company that has collected it goes bankrupt or shuts down. Often, with smaller companies, the owner maintains possession of the data, and there’s very little accountability stopping them from misusing it or sharing with others in the future.”
