.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: Snewpit
Oct 9, 2020 11:28:04 AM
The target: Snewpit, an Australian-based news sharing platform.
The take: 80,000 user records of personally identifiable information including: usernames, full names, email addresses, profile pictures, and log data detailing the amount time users spent on the app and other behaviour metrics.
The attack vector: The information was exposed on an improperly secured, and publicly accessible, Amazon Web Services server. Bad actors can locate these unsecured storage buckets very easily and the complete lack of security on the database means the records were open to anyone with an internet connection.
The combination of data exposed in this incident could lead to very targeted and successful scams by fraudsters. Personally Identifiable information helps these attackers build a complete profile of their victims, and in this case, the log data which outlined the actions taken by users on Snewpit’s app greatly increases the credibility of their scams, vastly increasing the chance they are successful. Data and credential management are critical for ensuring sensitive information is stored safely and securely.
