Market research & conferencing service Civicom exposed 8TB of Data

A New York City-based company known for providing audio, web conferencing, and market research services was found exposing a trove of personal and sensitive data to its clients.

The company in discussion is Civicom, Inc., who, according to its LinkedIn page, claims to provide “the best audio and web conferencing services on the planet, webinar services, global marketing research services, leading transcription/CRM entry service, general transcription service, online jury trials, and more.”

It is worth noting that Civicom is home to hundreds of employees with offices all over the United States, the Philippines, and the United Kingdom. This also indicates the company’s strong customer base and the devastating consequences of such large-scale exposure of data to the public.

What’s worse is that the S3 bucket was left exposed without any password or security authentication meaning anyone with knowledge of how to find misconfigured databases could have accessed the data.

What happened

According to the Website Planet Security Team, who originally identified the database, Civicom exposed 8 terabytes of records containing more than 100,000 files, thanks to one of its misconfigured Amazon S3 buckets.

However, due to the humongous size of the database, it was physically impossible for researchers to scan

Read More: