8Belts database was hosted on a misconfigured Amazon Web Services (AWS) S3 bucket.
VpnMentor’s cybersecurity research team led by researchers Noam Rotem and Ran Locar discovered a data breach involving popular Spanish e-Learning platform 8Belts.
Researchers claim that the data got exposed because it was stored on a misconfigured Amazon Web Services (AWS) S3 bucket. Thousands of e-learners from across the globe might be affected as a result of this breach.
8Belts is a popular online language learning platform offering courses in French, Chinese, German, and French. With the data breach, it is estimated that private details of at least 100,000 e-learners including national identity numbers, full names, email IDs, and contact information could be at risk of cyber frauds and identity thefts.
“The earliest records stated from 2017 and included long lists of 8Belt user details. Stored in CSV format, each of these lists contained the different forms of Personally Identifiable Information (PII) data for individual 8Belts users,” researchers noted in their findings published on Friday.
Since the data was stored on an unsecured cloud-based database, it was accessible to anyone having the right IP address. The database was discovered on April 16th while they were looking for exposed databases on the internet.
The researchers tried to contact 8Belts on 20 April and 22 April but received no response. Meanwhile, the researchers also contacted AWS so that they could inform 8Belts. On 28 April, the said database was taken offline.
Screenshot of the leaked records (Image: vpnMentor)
They further revealed that the database contained information of users from almost every country. It is worth noting that 8Belts claims to have an impressive client-base comprising of the likes of mobile communications firm Huawei, sports goods manufacturer Decathlon, and transnational auditing firm PricewaterhouseCoopers.
However, a majority of the user records found in the database belonged to Spanish-speaking countries.
Just yesterday, another report from vpnMentor revealed how Bharat Interface for Money (BHIM), India’s emerging new e-payments platform, exposed sensitive financial data of around 7 million Indians on an AWS S3 bucket.
Nevertheless, misconfigured databases have been exposing highly sensitive data for years now. It is time for companies to hire professionals who are aware of securing sensitive databases when uploaded online.