Data breach exposes millions of seniors' data

Misconfigured S3 bucket had exposed personal information on three million people

Data breach

Security researchers have found a major breach that exposed the details of over three million US seniors.

According to WizCase, the data breach affected SeniorAdvisor, “one of the largest consumer ratings and reviews websites for senior care and services across the US and Canada.” Among the exposed details were users’ names, surnames, phone numbers, and more.

Researchers at WizCase discovered a misconfigured Amazon S3 bucket belonging to the website containing over 1 million files and 182GB of data. Contact dates from the files suggest they are from 2002 to 2013, though the files had a 2017 timestamp.

“The majority of data exposed was in the form of leads, a list of potential customers whose details were collected by SeniorAdvisor presumably via their email or phone call campaigns,” said researchers.

Researchers also unearthed  2,000 “scrubbed” reviews. These are reviews where the user’s sensitive information has been wiped or redacted.

“However, this scrubbing process is useless if you have the corresponding information. The scrubbed reviews had a lead id which could be used to trace the review back to who originally wrote it,” researchers said. As both lead data and these scrubbed reviews were in the same database, supposedly anonymous reviewers could have their identity revealed with a simple search operation.

WizCase researchers said since the breach contained data from a section of the public more vulnerable to scams, the risks were higher. In a 2018-2019 report, the Federal Trade Commission (FTC) noted that people who filed a fraud complaint between 60 and 69 years old lost $600 per scam on average. The amount rose in older groups, culminating in $1700 on average per scam for people between 80 and 89.

Related Resource

From zero to hero: The path to CIAM maturity

Your guide to the CIAM journey

Whitepaper front coverDownload now

“In particular, the report found senior citizens were more likely to fall for digital scams such as tech support scams, prize/sweepstakes scams, online shopping scams, and especially phone scams,” said researchers. “As shown, senior citizens are at greater risk for online fraud than the rest of the population, and therefore should be even more careful in their online behavior.”

Researchers urged people using such services to input the bare minimum of information when making a purchase or setting up an online account.

“The less information hackers have to work with, the less vulnerable you are,” warned researchers. Researchers have since contacted the company, and the bucket has since been secured.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Establishing a strong foundation for DataOps
Whitepaper

Establishing a strong foundation for DataOps

6 Jan 2022
Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Network virtualisation for dummies
Whitepaper

Network virtualisation for dummies

3 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022