FormGet Storage Bucket Leaks Passport Scans, Bank Details

  /     /     /  
Publicated : 23/11/2024   Category : security


FormGet Storage Bucket Leaks Passport Scans, Bank Details


Exposed files include mortgage and loan information, passport and drivers license scans, internal corporate files, and shipping labels.



A cloud security mishap at FormGet has exposed sensitive user-uploaded files dating back to 2013 through a misconfigured Amazon S3 storage bucket, TechCrunch reports. Its the latest company to leave troves of data open to the Internet, signifying a concerningly common trend.
Bhopal, India-based FormGet provides online form creation and email marketing services to around 43,000 customers. People can use its tools to create forms for job applications, online shopping, and other processes. An anonymous security researcher found its S3 bucket had been left online sans password and contacted TechCrunch in an attempt to address the issue.
The bucket contained hundreds of thousands of files and documents dating back to 2013, packing a broad range of sensitive user-uploaded files: scans of passports, drivers licenses, paychecks, and Social Security numbers; details of obtained loans and mortgages, bank account statements, and utility bills; UPS shipping labels with names and phone numbers; resumes containing contact information; and internal corporate documents containing cybersecurity assessment notes for multiple banks and financial firms, the report states.
The problem of misconfigured cloud storage is often exacerbated by trusted third parties, says Ilia Kolochenko, founder and CEO of ImmuniWeb. Businesses often need to share data with vendors like FormGet, which may often prioritize performance over data protection to keep up with a competitive market. Most companies have a vendor risk management policy, he adds, but these are rarely monitored for noncompliance, and few are properly enforced.
Given the frequency at which these data exposures happen, Amazon and other cloud providers have taken steps to lock down storage buckets by default. Businesses storing data in the cloud are urged to double-check their configuration settings to be sure information is private.
Read more details
here
.
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the 
conference
 and 
to register.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FormGet Storage Bucket Leaks Passport Scans, Bank Details