Led by Noam Rotem and Ran Locar,vpnMentorsresearch team recently discovereda data breach belonging to photography app PhotoSquared.
Company Profile
PhotoSquared is a USA-based app available on iOS and Android.
Users upload photos to the app which are turned into lightweight printed photo tiles for decoration.
These are then mailed to users for a small fee.
It’s a small but popular app, with over100,000 customer entries on this database alone.
But rare are these times.
Most often, we need days of investigation before we understand whats at stake or whos leaking the data.
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So we need to be thorough andmake sure everything we find is correct and accurate.
The team quickly identified PhotoSquared as the owner and reached out.
The database in question was hosted in the state of Maryland.
It contained over a million records, totaling 94.7GB of datadating from November 2016 to January 2020.
Amazon provides detailed instructions to AWS users to help them secure S3 buckets and keep them private.
To learn about data vulnerabilities in general,read ourcomplete guide to online privacy.
Each exposed gap is subsequently examined for signs of data leakage.
If possible, we will also inform any other party affected by the breach.
Our team was able to access this bucket because it was completely unsecured and unencrypted.
The purpose of this web mapping project is to help make the internet safer for all users.
We also never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
This has included an enormous data leakexposing the data of 10,000s of American restaurant diners.
[Publication date: 14.02.2020]
just, comment on how to improve this article.
