Brazil-based WiFi management software firm WSpot exposed extensive details of high-profile firms and millions of customers.
WSpot provides software to let businesses secure their on-premise WiFi networks and offer password-free online access to their clients. Some of the notable clients of WSpot include Sicredi, Pizza Hut, and Unimed.
According to WSpot, 5% of its customer base got impacted by this leak. However, it maintains that financial information is never collected from the clients, so financial data isn’t included in the leak.
About the Leak
Security research firm SafetyDetectives discovered the leak and found that WSpot had a misconfigured Amazon Web Services S3 bucket. Reportedly, this bucket was unprotected and open to public access, which led to 10 GB worth of visitor data exposure.
The bucket was discovered on Sep 2nd, and WSpot was notified on Sep 7th, after which the company was able to secure it immediately. The Brazilian company confirmed that its servers remained intact and threat actors didn’t invade them.
Furthermore, there’s no indication that unauthorized third parties accessed the exposed information. The company states that it has hired a security firm to investigate the incident.