Database mess up – US marketing firm exposed data of 7 million users

The IT security researchers at Website Planet discovered what they dubbed as a ‘large data breach,’ impacting a US-based marketing automation firm, Beetle Eye.

As per Website Planet’s blog post, an estimated seven million people were affected by the data exposure. This included their names, emails, phone numbers, and addresses.

A majority of Beetle Eye’s customers were American nationals, but many customers were Canadian. Presumably, the exposed databases were part of leads that Beetle Eye customers used for digital marketing purposes.

Misconfigured AWS S3 Bucket

In a blog post, researchers stated that a misconfigured Amazon Web Services’ S3 bucket was responsible for exposing over 6k files or 1 GB worth of data. The bucket was left without any password protection and encryption.

According to researchers, around ten different folders were discovered in Beetle Eye’s exposed bucket, and each file in these folders contained data of at least one client.  

Three Datasets Identified

There were three different datasets on the bucket, namely, leads, leads, and Unnamed leads. Reportedly, the exposed data sets contained different kinds of personally identifiable information (PII).

For instance, Unnamed leads included full names (first name and surname) of the lead, current/previous addresses, current/previous ZIP

Read More: