A misconfigured AWS S3 bucket at V Shred exposed more that one million files, including PII on 99,000 people associated with the fitness brand’s customers.
Researchers at vpnMentor led by Noam Rotem and Ran Locar discovered the open server and alerted the company, which apparently removed the file containing the most PII, but kept the bucket itself open.
The AWS bucket, whose URL contained “vshred,” and which contained files with the company’s logo and other identifiers “was completely opened to the public,” the researchers wrote in a blog post.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.