[BreachExchange] Millions of Senior Citizens' Personal Data Exposed by Misconfiguration

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri Aug 6 11:40:02 EDT 2021


https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/

Millions of senior citizens in North America have had their personal
information compromised following a breach at senior care review website
SeniorAdvisor, according to WizCase.

The researchers, led by Ata Hakcil, discovered a misconfigured Amazon S3
bucket owned by SeniorAdvisor, a company that displays consumer ratings
and reviews for senior care services across the US and Canada.

The misconfigured bucket left the personal data of more than three
million people, labeled “leads,” exposed. This included names, emails,
phone numbers and dates contacted. In total, it contained more than one
million files and 182GB of data, none of which was encrypted, and access
did not require a password or login credentials.

WizCase believes the files are from 2002-2013 based on the contact dates,
although the files were timestamped in 2017.

Additionally, the team found around 2000 “scrubbed” reviews in the
misconfigured bucket, in which the user’s sensitive information was wiped
or redacted. However, each scrubbed review contained a lead ID that would
enable a malicious actor to trace it back to the person who wrote it, as the
reviews and lead data were in the same exposed database.

WizCase added that it reached out about its findings to SeniorAdvisor, which
confirmed the breach had been secured. Nevertheless, the exposed data could
be used to launch scams and phishing attempts, which is especially worrying
in this case, given that senior citizens are at higher risk of online fraud
than the rest of the population.

“The greatest danger of this breach stems from the specific group of
people left vulnerable. SeniorAdvisor is targeted toward senior citizens in
or near retirement. In a 2018-2019 report, the FTC noted that people who
filed a fraud complaint in the ages of 60-69 lost $600 per scam on average.
The amount rose as the age group was older, culminating in $1700 on average
per scam for people in the ages of 80-89,” outlined WizCase.