Led by Noam Rotem,vpnMentorsresearch team discovereda data breach affecting health and lifestyle brand Paleohacks.
Data Breach Summary
Company Profile
Paleohacks is a multimedia online lifestyle brand founded in 2010.
The company is currently located in Los Angeles, USA.
Paleohacks creates online products focused on promoting the Paleo diet, health and fitness tips, and wellness advice.
These include written articles, a podcast, cooking recipes, and a member forum.
But rare are these times.
Paleohacks customer data
Most often, we need days of investigation before we understand whats at stake or whos exposing the data.
Some affected parties deny the facts, disregarding our research or playing down its impact.
So, we need to be thorough andmake sure everything we find is correct and accurate.
Paleohacks customer data
However, AWS requires clients to manually set up their data privacy protocols when creating an S3 bucket account.
Our team discovered the Bucket and quickly identified Paleohacks as its owner.
The Paleohacks representative claimed to be an independent contractor and suggested we communicate with the company directly.
We repeated that we had attempted to do so numerous times already, with no success.
She replied simply"If no one replies then they arent interested.
Sorry about that."
For Paleohacks
Paleohacks also faces numerous issues as a result of the data breach.
Amazon provides detailed instructions to AWS users to help them secure S3 buckets and keep them private.
To learn about data vulnerabilities in general, read ourcomplete guide to online privacy.
Our researchers use large-scale web scanners to search for unsecured data stores containing information that shouldnt be exposed.
They then examine each data store for any data being leaked.
Our team was able to access Paleohacks S3 bucket because it was completely unsecured and unencrypted.
As ethical hackers,were obliged to inform a company when we discover flaws in their online security.
The purpose of this web mapping project is to helpmake the internet safer for all users.
We never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.
You may also want to read ourVPN Leak Report and Data Privacy Stats Report.
Help Us Protect The Internet!
Check the Leak Box here »
yo, comment on how to improve this article.
