Data breach exposes millions of seniors' data
Misconfigured S3 bucket had exposed personal information on three million people
According to WizCase, the data breach affected SeniorAdvisor, “one of the largest consumer ratings and reviews websites for senior care and services across the US and Canada.” Among the exposed details were users’ names, surnames, phone numbers, and more.
Researchers at WizCase discovered a misconfigured Amazon S3 bucket belonging to the website containing over 1 million files and 182GB of data. Contact dates from the files suggest they are from 2002 to 2013, though the files had a 2017 timestamp.
“The majority of data exposed was in the form of leads, a list of potential customers whose details were collected by SeniorAdvisor presumably via their email or phone call campaigns,” said researchers.
Researchers also unearthed 2,000 “scrubbed” reviews. These are reviews where the user’s sensitive information has been wiped or redacted.
“However, this scrubbing process is useless if you have the corresponding information. The scrubbed reviews had a lead id which could be used to trace the review back to who originally wrote it,” researchers said. As both lead data and these scrubbed reviews were in the same database, supposedly anonymous reviewers could have their identity revealed with a simple search operation.
WizCase researchers said since the breach contained data from a section of the public more vulnerable to scams, the risks were higher. In a 2018-2019 report, the Federal Trade Commission (FTC) noted that people who filed a fraud complaint between 60 and 69 years old lost $600 per scam on average. The amount rose in older groups, culminating in $1700 on average per scam for people between 80 and 89.
From zero to hero: The path to CIAM maturity
Your guide to the CIAM journeyDownload now
“In particular, the report found senior citizens were more likely to fall for digital scams such as tech support scams, prize/sweepstakes scams, online shopping scams, and especially phone scams,” said researchers. “As shown, senior citizens are at greater risk for online fraud than the rest of the population, and therefore should be even more careful in their online behavior.”
Researchers urged people using such services to input the bare minimum of information when making a purchase or setting up an online account.
“The less information hackers have to work with, the less vulnerable you are,” warned researchers. Researchers have since contacted the company, and the bucket has since been secured.
Accelerating healthcare transformation through patient-centred medtech solutions
Seize the digital transformation opportunities to streamline patient care and optimise patient outcomesFree Download
Big payoffs from big bets in AI-powered automation
Automation disruptors realise 1.5 x higher revenue growthFree Download
Hyperscaler cloud service providers top ten
Why it's important for companies to consider hyperscaler cloud service providers, and why they matterFree Download
Strategic app modernisation drives digital transformation
Address business needs both now and in the futureFree Download