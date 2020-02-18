tech

Researchers recently discovered that a popular photo app called PhotoSquared leaked personal data and images of thousands of customers. This leak happened as a result of an ‘unsecured’ Amazon Web Services (AWS) storage bucket.

The discovery of this leak was made by vpnMentor who found that a misconfigured s3 database belonging to PhotoSquared was left online without any password protection.

PhotoSquared creates printed photo boards from customers’ digital images.

The S3 database had 94.7GB of data and contained more than 10,000 records from November 2016 to January 2020 including photos, order records, receipts, shipping labels etc.

Full names and home delivery addresses of PhotoSquared’s customers were left exposed online in the leak and any hacker could use this information.

According to vpnMentor, “PhotoSquared’s reputation could suffer as a result of the data leak and the company could also face compliance fines”, reports TechRadar. Additionally, in the report detailing its investigation, vpnMentor noteed that PhotoSquared customers could be targeted by both hackers and thieves, saying:

“By combining a customer’s home address with insights into their personal lives and wealth gleaned from the photos uploaded, anyone could use this information to plan robberies of PhotoSquared users’ homes. Meanwhile, PhotoSquared customers could also be targeted for online theft and fraud. Hackers and thieves could use their photos and home addresses to identify them on social media and find their email addresses, or any more Personally Identifiable Information (PII) to use fraudulently.”

This data leak was found through a simple port scanning exercise but thankfully PhotoSquared was able to fix the leak within just 10 days after the company was contacted by the researchers.

