A popular photo app that turns digital images into printed photo boards has exposed the personal data and photos of hundreds of thousands of its customers, according to a report by vpnMentor. The app, PhotoSquared, left an unsecured Amazon Web Services (AWS) storage bucket containing over one million records dating from November 2016 to January 2020. The records included user photos, order receipts, shipping labels and full names and home addresses of customers.
The data breach was discovered by a research team led by Noam Rotem and Ran Locar from vpnMentor, who notified PhotoSquared on February 4th. The company fixed the leak on February 14th, 10 days after being contacted by the researchers. PhotoSquared has not publicly acknowledged the incident or informed its customers of the potential risks.
The exposed data could have serious consequences for the privacy and security of PhotoSquared users. Hackers or malicious actors could use the data to launch phishing and identity theft attacks, or even target users' homes for robbery. The data could also be used to blackmail or extort users, especially those who uploaded sensitive or intimate photos to the app.
PhotoSquared is a small but popular app, with over 100,000 installs on Google Play. It allows users to upload photos to the app and order lightweight printed photo tiles for decoration. The app charges a small fee for each photo tile and delivers them to users' homes via USPS.
The app does not reference user data security and storage protocols in its terms of service or describe any steps it takes to protect its customers' data. The database in question was hosted in Maryland and contained 94.7GB of data.
This is not the first time that a photo app has leaked user data due to an unsecured AWS storage bucket. In 2019, another photo app called Ever exposed millions of photos and facial recognition data online. In 2018, a photo storage app called FamilyAlbum exposed over 8 million photos online.
Users of photo apps should be careful about what they upload and share online, and check the privacy policies and security practices of the apps they use. They should also monitor their online accounts and credit reports for any signs of suspicious activity or identity theft.
How to secure AWS storage buckets
One of the main reasons data leaks occur from AWS storage buckets is misconfigured access controls and permissions. AWS provides several tools and best practices to help users secure their data and prevent unauthorized access. Here are some of the methods that users can apply to protect their AWS storage buckets:
By following these methods, users can improve their security posture and reduce the risk of data leaks from their AWS storage buckets.
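As an added example (not part of the original article or of any PhotoSquared or vpnMentor material), the following Python sketch audits one bucket's exported access configuration for the kind of misconfigured access controls described above. It assumes the inputs have the shape that S3 returns for a bucket's Block Public Access settings, ACL grants and bucket policy; the function names and both sample configurations are constructed for illustration.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean anyone.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_bucket(pab, acl_grants, policy_json):
    """Return findings for one bucket's exported access configuration."""
    findings = []
    for key in PAB_KEYS:  # all four Block Public Access settings should be on
        if not (pab or {}).get(key, False):
            findings.append(f"public-access-block: {key} is not enabled")
    for grant in acl_grants:  # ACL grants to the predefined global groups
        uri = grant.get("Grantee", {}).get("URI")
        if uri in (ALL_USERS, AUTH_USERS):
            group = uri.rsplit("/", 1)[-1]
            findings.append(f"acl: {grant['Permission']} granted to {group}")
    # Unconditional Allow for a wildcard principal. Statements that carry a
    # Condition are skipped here and need manual review.
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    for stmt in _as_list(statements):
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and _is_wildcard(stmt.get("Principal"))):
            actions = ", ".join(_as_list(stmt.get("Action", [])))
            findings.append(f"policy: anonymous Allow for {actions}")
    return findings

# Constructed sample configurations (not data from the incident).
EXPOSED = {
    "pab": None,  # no Block Public Access configuration on the bucket
    "acl_grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                    "Permission": "READ"}],
    "policy_json": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}]}),
}
LOCKED = {"pab": dict.fromkeys(PAB_KEYS, True), "policy_json": None,
          "acl_grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
                          "Permission": "FULL_CONTROL"}]}

print("\n".join(audit_bucket(**EXPOSED)))
```

The ACL and policy findings are reported even when Block Public Access is enabled, since those settings can later be removed and would then expose the underlying grant.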