Open S3 bucket exposes one million files of fitness brand V Shred

A misconfigured AWS S3 bucket at V Shred exposed more that one million files, including PII on 99,000 people associated with the fitness brand’s customers.

Researchers at vpnMentor led by Noam Rotem and Ran Locar discovered the open server and alerted the company, which apparently removed the file containing the most PII, but kept the bucket itself open.

The AWS bucket, whose URL contained “vshred,” and which contained files with the company’s logo and other identifiers “was completely opened to the public,” the researchers wrote in a blog post.

“V Shred claimed it was necessary for user files to be publicly available and denied that any PII data had been exposed,” the researchers said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.