US marketing firm exposed millions of customers' data in a database mess up

Database mess up – US marketing firm exposed data of 7 million users

The IT security researchers at Website Planet discovered what they dubbed as a ‘large data breach,’ impacting a US-based marketing automation firm, Beetle Eye.

As per Website Planet’s blog post, an estimated seven million people were affected by the data exposure. This included their names, emails, phone numbers, and addresses.

A majority of Beetle Eye’s customers were American nationals, but many customers were Canadian. Presumably, the exposed databases were part of leads that Beetle Eye customers used for digital marketing purposes.

Misconfigured AWS S3 Bucket

In a blog post, researchers stated that a misconfigured Amazon Web Services’ S3 bucket was responsible for exposing over 6k files or 1 GB worth of data. The bucket was left without any password protection and encryption.

According to researchers, around ten different folders were discovered in Beetle Eye’s exposed bucket, and each file in these folders contained data of at least one client.  

Three Datasets Identified

There were three different datasets on the bucket, namely, leads, leads, and Unnamed leads. Reportedly, the exposed data sets contained different kinds of personally identifiable information (PII).

For instance, Unnamed leads included full names (first name and surname) of the lead, current/previous addresses, current/previous ZIP codes, and current/previous cities. leads files contained more PII, such as full names, addresses, email IDs, phone numbers, company names, data collection-related details, and survey responses. leads files contained full names, addresses, email IDs, and survey answers and questions about magazine subscriptions.

It is yet unclear whether the database was accessed by a third party with malicious intent such as ransomware gangs or threat actors. But in case it did, it would be devastating for Beetle Eye as it exposes customers and employees to the risk of online scams, phishing campaigns, and malware infection.

Good news

Although, the database was identified last year in September the details of it were only shared by the researchers recently. Nevertheless, the good news is that Beetle Eye was quick to secure its database upon receiving alerts from Website Planet.

More database mess up news

Leaky database exposes fake Amazon product reviews scam

Hacker steals govt database with info of entire Argentine population

Ghana govt agency exposed 700k citizens’ data in a database mess up

Household data of 35 million US residents exposed in database mess up

Stripchat database mess up exposes 200M adult cam models, users’ data

Related Posts