• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
sennheiser exposed personal data of 28,000 customers with leaky s3

Sennheiser exposed personal data of 28,000 customers with leaky S3 bucket

You are here: Home / General Cyber Security News / Sennheiser exposed personal data of 28,000 customers with leaky S3 bucket
December 16, 2021

Audio devices company Sennheiser exposed personalized details belonging to all around 28,000 customers through a misconfigured Amazon Web Solutions S3 bucket, scientists discovered on Thursday.

The information in question had been collected between 2015 and 2018 and then saved on a public-going through S3 bucket that has remained dormant at any time since, according to industry experts at VPN assessments web site vpnMentor.

The knowledge incorporated customers’ total names, email addresses, phone numbers, and house addresses, as effectively as the names of businesses requesting hardware samples and the variety of staff members they experienced. At minimum 407,000 information, totaling 55Gb of information, ended up readily available.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“Sennheiser unsuccessful to employ any security steps on its S3 bucket, leaving the contents entirely uncovered and simply obtainable to any one with a web browser and specialized skills,” the scientists said.

The scientists found out the exposed facts on Oct 26, notifying Sennheiser two days later on. Subsequent a request for far more information on November 1, the scientists despatched the company the URL major to the unsecured server together with examples of the varieties of information and facts they had been equipped to raise. The business then locked the server down a number of hours later.

VpnMentor reported that if anybody had accessed the uncovered information, they could have applied it for id theft, enabling them to perpetrate tax, insurance coverage, home loan, and credit score card fraud. They could also have sent phishing email messages to victims impersonating Sennheiser in order to resource an even higher trove of personal data.

S3 is the storage layer supporting AWS services, and can be configured to be accessible from the public internet or to be private. Nevertheless, it continues to be up to shoppers to make guaranteed the buckets are configured appropriately.

Exposing data in misconfigured S3 buckets is a prevalent dilemma for AWS clients. In August, consumer scores and assessment website SeniorAdvisor uncovered in excess of three million US senior’s individual facts via the cloud-primarily based support. In June 2020, vpnMentor also discovered delicate files from at least 100,000 end users throughout several courting web sites in uncovered S3 storage.

Amazon has tried to mitigate the dilemma, which usually stems from human mistake, with a resource to place misconfigured means.


Some sections of this posting are sourced from:
www.itpro.co.uk

Previous Post: «Cyber Security News 60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low
Next Post: ‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems ‘pseudomanuscrypt’ mass spyware campaign targets 35k systems»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Ransomware Attacks Increasing at “Alarming” Rate
  • Senate Report: US Government Lacks Comprehensive Data on Ransomware
  • Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys
  • Fronton IOT Botnet Packs Disinformation Punch
  • SIM-based Authentication Aims to Transform Device Binding Security to End Phishing
  • New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild
  • Open source packages with millions of installs hacked to harvest AWS credentials
  • DOE ‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌funds‌ ‌development of Qunnect’s Quantum Repeater
  • Cabinet Office Reports 800 Missing Electronic Devices in Three Years
  • Malware Analysis: Trickbot

Copyright © TheCyberSecurity.News, All Rights Reserved.