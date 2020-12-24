Infosecurity Group Websites
Latest
News

Misconfigured AWS Bucket Exposes Hundreds of Social Influencers

A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers.

A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently yet to be taken by the company responsible, Barcelona-based “social commerce” company 21 Buttons.

For a commission, influencers upload their photos to the firm’s app and link to the e-commerce stores where users can buy the clothes they’re wearing.

According to vpnMentor, the firm has around two million monthly active users and partnerships with many of the biggest brands in Europe.

Of the 50 million files exposed in the snafu, which were mainly influencer photos and videos, the research team discovered hundreds of invoices said to relate to payments made to these social media stars.

Among the personally identifiable information (PII) exposed were full names, postal codes, bank details, national ID numbers, PayPal email address and value of sales commissions.

Those caught in the data leak included Carlota Weber Mazuecos, Freddy Cousin Brown, Marion Caravano, Irsa Saleem and Danielle Metz – influencers that between them have millions of followers on the site.

The vpnMentor team warned that if cyber-criminals get hold of the PII, the victims could be exposed to follow-on phishing scams designed to obtain more bank and card details, identity fraud and stalking.

“If somebody shared the invoices publicly, bad actors would have plenty of material to identify any private accounts held by influencers, as well as their homes and workplaces,” it claimed.

“This doesn’t just make the people affected vulnerable to phishing and fraud. They’re also at risk from an invasion of privacy, doxing, stalking and harassment – both online and offline.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Misconfigured AWS Bucket Exposes Hundreds of Social Influencers

2
News

Leaky Server Exposes 12 Million Medical Records to Meow Attacker

3
News

Police Seize VPN Service Beloved by Cyber-criminals

4
News

Data Leak Exposes Details of Two Million Chinese Communist Party Members

5
News

Cyber Insurance Market Expected to Surge in 2021

6
News

Lazarus Attacks Vaccine Research

1
News

White Ops Acquired by Goldman Sachs

2
News

SolarWinds Hackers "Impacting" State and Local Governments

3
Opinion

Why Are More People Not Automating Certificate Management?

4
Magazine Feature

Securing Online Shopping in the Post-COVID World

5
Opinion

Prevent Ransomware From Taking the Podium With Layered Security

6
News

HelpSystems Acquires Vera to Expand Data Security Offerings

1
Webinar

2020 Cybersecurity Headlines in Review

2
Webinar

Putting People First: Overcoming Human Error in Email Security

3
Webinar

Risk-Based Security for Your Organization: What You Need to Know

4
Webinar

Security in the Cloud - Emerging Threats & the Future

5
Webinar

Enabling Secure Access: Anywhere, Any Device and Any Application

6
Webinar

Insider Risk Maturity Models: Tales from the Insider Crypt

1
Blog

Top Three Cyber-Threats to Look Out for in 2021

2
Interview

Interview: Saj Huq, Director, LORCA

3
Blog

How to Manage Shadow IT for the Benefit of Business and Employees

4
News Feature

Christmas: It’s the Most Vulnerable Time of the Year

5
Webinar

2020 Cybersecurity Headlines in Review

6
Opinion

#HowTo Write the Perfect Op-Ed, and Get it Published!