A Brazilian Wi-Fi management software firm exposed data of various high profile companies and millions of their customers.
The data was leaked by WSpot, which provides software that enables businesses to secure their on-premise Wi-Fi networks and allow password-free online access to their customers.
The leak was discovered by security research firm SafetyDetectives. The researchers found WSpot’s misconfigured Amazon Web Services (AWS) S3 bucket, which was left open and exposed 10GB worth of data to the public. After discovering the sensitive data on September 2, the researchers contacted the software firm on September 7. WSpot secured the breach the following day.
Some 226,000 files were exposed in the leak, the researchers noted, including personal information from approximately 2.5 million individuals who connected to the public Wi-Fi networks provided by WSpot clients. The company’s client portfolio includes Pizza Hut, financial services provider Sicredi, and healthcare firm Unimed.
According to SafetyDetectives, the set of information exposed included details supplied by individuals in order to access the Wi-Fi service provided by the companies. This includes full name, email address, full address, and taxpayer registration numbers — in addition to the login credentials created in the registration process.
WSpot confirmed the leak to ZDNet, saying the