Marketing companies often collect data on users in order to better deliver targeted advertising but what happens when this data is left unsecured online?
CyberNews recently discovered an unsecured data bucket belonging to the online marketing company View Media which contained close to 39m records on users in the US including their full names, emails, physical addresses, phone numbers and ZIP codes.
The database was left on a publicly accessible AWS server and anyone could have accessed it and downloaded the data it contained before the server was secured.
This is actually the second time this summer that CyberNews has discovered an unsecured Amazon bucket containing massive amounts of user data after it found 350m unencrypted email addresses exposed online back in August.
Unsecured database
The publicly accessible Amazon S3 bucket contained 5,302 files including 700 statement of work documents stored in PDF files and 59 CSV and XLS files containing 38m+ records of US citizens, of which 23m+ were unique records.
The user record files were created based on locations and ZIP codes that View Media used in its online marketing campaigns. The company offers targeted marketing services to US publishing brands such as Tribune Media and the Times Media Group. In addition to millions of user records, the bucket also contained thousands of marketing newsletters, promotional flyer designs, banner ads and statement of work documents created by View Media for its clients.
The bucket was hosted on an Amazon AWS server and was exposed for an unknown period of time before CyberNews discovered it and alerted Amazon. The cloud giant then secured the database just two days after the news outlet reached out.
While no deeply sensitive personal information was stored in the database, cybercriminals could still use the information it contained to launch phishing attacks and other online scams against almost 39m Americans.
- We’ve also highlighted the best VPN services