Marketing company leaks personal data of millions of US citizens
Full names, emails, addresses, phone numbers and ZIP codes were left exposed online in an unsecured database
Marketing companies often collect data on users in order to better deliver targeted advertising but what happens when this data is left unsecured online?
CyberNews recently discovered an unsecured data bucket belonging to the online marketing company View Media which contained close to 39 million records on users in the US including their full names, emails, physical addresses, phone numbers and ZIP codes.
The database was left on a publicly accessible AWS server and anyone could have accessed it and downloaded the data it contained before the server was secured.
- We've put together a list of the best antivirus software on the market
- Access your files from anywhere with the best cloud storage services
- These are the best anonymous browsers around
This is actually the second time this summer that CyberNews has discovered an unsecured Amazon bucket containing massive amounts of user data after it found 350m unencrypted email addresses exposed online back in August.
Unsecured database
The publicly accessible Amazon S3 bucket contained 5,302 files including 700 statement of work documents stored in PDF files and 59 CSV and XLS files containing 38m+ records of US citizens, of which 23m+ were unique records.
The user record files were created based on locations and ZIP codes that View Media used in its online marketing campaigns. The company offers targeted marketing services to US publishing brands such as Tribune Media and the Times Media Group. In addition to millions of user records, the bucket also contained thousands of marketing newsletters, promotional flyer designs, banner ads and statement of work documents created by View Media for its clients.
The bucket was hosted on an Amazon AWS server and was exposed for an unknown period of time before CyberNews discovered it and alerted Amazon. The cloud giant then secured the database just two days after the news outlet reached out.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
While no deeply sensitive personal information was stored in the database, cybercriminals could still use the information it contained to launch phishing attacks and other online scams against almost 39m Americans.
- We've also highlighted the best VPN services
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.