PhotoSquared leaked just about 94.7GB worth of its user's photos exposed online. Is it still safe to use this app?
Read Also: Bitcoin ATMs are Here and Increasing in Numbers
The popular app, PhotoSquared has done it now. Due to an unsecured Amazon Web Services(AWS) storage bucket, thousands of users' data AND images are online for all to see.
What Happened Anyway
The leak has been discovered by vpnMentor, along with its team of researchers. Due to an AWS storage bucket that was not secured, all data and files could be accessed online or on the web if people knew how to look for it. A misconfigured S3 database was left online WITHOUT any password to protect the data stored. The leak was found by doing a simple port scanning exercise.
READ ALSO: Hurray! Redbox Offers Free Live TV With No Sign In Requirement: Check Out How to Avail
How Massive is the Leak
The S3 database leaked over 95GB of data and has over 10,000 records from November 2016 to January 2020. Order records, receipts, shipping labels and yes, users' photos were all in there for everyone to browse.
As all the information was there, hackers could use them to attack them with ease and possibly do harmful things to their accounts or more.
vpnMentor has this to say:
"By combining a customer's home address with insights into their personal lives and wealth gleaned from the photos uploaded, anyone could use this information to plan robberies of PhotoSquared users' homes. Meanwhile, PhotoSquared customers could also be targeted for online theft and fraud. Hackers and thieves could use their photos and home addresses to identify them on social media and find their email addresses, or any more Personally Identifiable Information (PII) to use fraudulently."
The leak is told to have been fixed just 10 days after vpnMentor contacted PhotoSquared.
What Could Happen to the Users
Photosquared's reputation could take a massive hit as a result of the leak. The company can face compliance fines as stated by vpnMentor.
The app has over 100,000 installs on Google Play but after the leak, it will lose customers to their competitors who have no history of leaks so far.
The type of information that was exposed can be potential targets online and offline. The dangers included are but not limited to:
- Stealing the person's identity for misuse or other nefarious means
- Committing financial fraud or credit card fraud
- Cyber attacks like spyware, ransomware and other means for extortion to receiving monetary gains
How did they Know
The ethical hackers of vpnMentor were doing a massive project online to see if they could try and make the internet safer by looking at internet holes that are open and will dig deeper until they see if the information is indeed being leaked. This was easily found by the team because again the S3 database was completely left defenseless by the company and if not for the team, it wouldn't have been fixed sooner rather than later. Avoiding my harm.
How to Keep Accounts Secure
To keep accounts secure from future leaks and hacks. Experts at vpnMentor stated that, It is the prerogative of the company to ensure that the servers are secure and up-to-date, implementing proper access rules, and NEVER leaving a system that doesn't require any authentication free for use in the internet.
As leaks are found and plugged, it is only a matter of time to see the next leak and hopefully get's fixed faster than it was before. We just have to wait and see if Photosquared gets through this without a scratch or a massive fallout.
READ ALSO: Warning! AI Systems Claiming to 'Read' Emotions Are Dangerous
