The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US citizen records, including their full names, email and street addresses, phone numbers and ZIP codes.
The database was left on a publicly accessible Amazon Web Services (AWS) server, allowing anyone to access and download the data. Following the 350 million email leak covered by CyberNews earlier in August, this is the second time this summer we encountered an unsecured Amazon bucket containing such massive amounts of user data.
On July 29, the exposed View Media bucket was closed by Amazon and is no longer accessible.
To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.
The publicly available Amazon S3 bucket contained 5,302 files, including:
The user record files were created based on locations and ZIP codes that the marketing company’s campaigns were targeting and contained full names, addresses, zip codes, emails, and phone numbers of people based in the US.
Aside from the statement of work documents and user records, the bucket contained thousands of files for various marketing materials, such as banner advertisements, newsletters, and promotional flyers.
Here are some examples of the user records and statement of work documents left on the publicly accessible bucket.
Most of the CSV files contain user records for what we assume to be target demographics for either digital or physical marketing materials.
The statement of work documents for marketing campaigns date between 2018 and 2019:
The unsecured Amazon S3 bucket appears to belong to View Media, an online marketing company that specializes in email marketing, display advertising, design, hosting, direct mails, date sales, and other digital marketing services. The company offers targeted marketing services to American publishing brands like Tribune Media and Times Media Group.
Apart from millions of US citizen records, the bucket also contains thousands of marketing newsletters, promotional flyer designs, banner ads, and statement of work documents created by View Media for its clients.
The bucket was hosted on an Amazon AWS server that has been exposed for an unknown period and it is unclear if any bad actors have accessed the data stored therein.
With that said, unsecured Amazon buckets are relatively easy to find and access without any kind of authorization, which means that anyone who knows where to look could have downloaded the files.
Even though the files in the unsecured Amazon S3 bucket do not contain deeply sensitive personal information such as social security or credit card numbers, cybercriminals can use the personal details in the database for a variety of malicious purposes:
Because we were initially unable to identify the owner of the unsecured bucket, we contacted Amazon on July 27 to help them secure the database. They were able to close the bucket on July 29.
We then reached out to one of the marketing company’s clients mentioned in the statement of work documents that were stored on the bucket, who helped us identify View Media as the owner of the database on August 21. On August 24, we contacted View Media for an official comment regarding the leak. However, we received no response from the company.
If you are a US citizen, there is a chance that your data might be exposed in this leak. To see if you have been affected by this breach, we recommend doing the following:
(SecurityAffairs – hacking, US citizen records)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.