Reindeer, a defunct firm, exposed 50,000 files holding 32 GB of customer data via misconfigured Amazon bucket affecting about 300,000 clients...

Continue reading
Reindeer, currently a defunct marketing company, exposed approximately 32 GB of records and customer data through a misconfigured Amazon S3 bucket.
Threat analysis conducted by WizCase's security team led by Ata Hakçıl first revealed the data leak. The researchers noted that the leak endangered the delicate personal information of the company which supplied digital marketing services to renowned firms worldwide.
Reports suggest that the misconfigured Amazon S3 bucket wasn't password protected and didn't require any login credentials to access the unencrypted data to prevent any unauthorized entrance.
The breach compromised the private data of nearly 300,000 Reindeer clients, rendering them vulnerable to a mixture of threats and attacks. According to the research conducted, the exposed information includes names, email addresses, Facebook IDs, hashed passwords, addresses, and phone numbers of several customers. The security team at WizCase identified that the leaked database contained about 50000 files and 32 GB of data.


WizCase informed Amazon about the incident stating, "We reached out to Amazon regarding the breach. As a now-defunct company owns the bucket, the web host is the only contact we could find to help secure the breach. We also informed the US-Cert, hoping they would be able to reach out to the previous company owner."
The research conducted by the security team pointed to a lack of due diligence. The report published by WizCase reads, "Even when a company goes out of business, it still possesses responsibilities to its users and its clients' users to keep their data safe." They also noted that this data could be misused to launch several phishing attacks, identity theft, and brute force attacks.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation