BACKGROUND:
‘Reindeer’, a New York-based digital media advertising and marketing company that is now out of business, has left an Amazon S3 bucket exposed to public access resulting in the irreversible leak of 50,000 files that account to a total of 32 GB of size. The exposure affects roughly 306,000 people, who were customers of various Reindeer clients such as the ‘Patrón Tequila’ alcoholic beverage brand and the ‘Jack Wills’ UK clothing brand. The exposed details include full names, email addresses, physical addresses, phone numbers, and hashed passwords.
<p>Improperly secured AWS S3 buckets are notorious for being one of the leading causes of data breaches due to misconfiguration. This is because inexperienced users can accidentally select the “all users” access option, unwittingly making the bucket publicly accessible. Unfortunately, the chances of this are all too high, leaving many unsuspecting companies leveraging S3 buckets prime targets for hackers looking to exploit sensitive data. To combat this risk, businesses must be acutely aware of any abnormalities within the cloud environment. Leveraging a cloud governance platform with holistic, real-time visibility into the cloud landscape can enable businesses to remediate issues before hackers can target them, ensuring customer data stays secure.</p>