A team of him vpnMentor discovered this AWS S3 bucket, which was open, without encryption or password access. The discovery was made in early November. What is worrying is that the company that is responsible (21 Buttons) has not done anything yet.
According to vpnMentor, 21 Buttons has about two million active users per month and collaborates with some of the largest brands in Europe.
According to the researchers, the AWS S3 bucket has exhibited at least 50 million files, which are mainly photos and video of influencers, but also hundreds invoices which are said to be related to payments of social media stars.
The personal information exposed include: full names, zip codes, bank details, IDs, PayPal email addresses, etc.
Among the social media influencers whose data were exposed are: Carlota Weber Mazuecos, Freddy Cousin Brown, Marion Caravano, Irsa Saleem and Danielle Metz. They all have millions of followers.
The vpnMentor team warned that if cybercriminals obtain the exposed personal information, influencers will be in a very difficult position, as their data can be used to Phishing and other scams, such as identity theft or bank fraud.
"If the invoices are exposed online, criminals will have plenty of material to identify influencers' private accounts, and they will be able to determine where their homes and workplaces are." they said Investigators.
Source: Infosecurity Magazine