Two top PDF tools have been found leaking user documents and data online
An Amazon S3 bucket was left unlocked and available for anyone to access
Two top PDF maker tools, both owned by the same company, reportedly operated a misconfigured database leaking sensitive user data to the wider internet via an exposed Amazon S3 bucket.
Researchers from Cybernews claim PDF Pro and Help PDF have so far leaked more than 89,000 documents, and apparently continue to do so. The tools are owned by the same legal entity, registered in the UK and have a similar design, as both offer similar services - PDF conversion, compression, editing, and document signing.
In the meantime, users keep uploading sensitive files, including passports, driving licenses, different certificates, contracts, as well as other documents and information, oblivious to the fact these are now up for grabs to anyone who knows where to look.
Unprotected databases
“With access to personal documents, criminals can engage in various fraudulent activities such as applying for loans, renting properties, or purchasing expensive items using the victim's identity,” the researchers said.
At the same time, the company leaking the information could be facing major fines, if some of the documents belong to the citizens of the European Union (EU) since, in that case, they fall under strict GDPR rules.
The company is currently keeping quiet, but it’s safe to assume that the Amazon S3 bucket will be locked down soon enough (if it wasn’t already, as you’re reading this).
Unprotected databases continue to be one of the biggest causes of information spills and data breaches. Many companies, including large enterprises and even government organizations, have so far managed to leak millions of data records, with employees erroneously keeping an archive on the internet and without any protections.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Online services, especially free ones, aren’t exactly famous for their data protection practices, so being extra careful is advised in any case.
More from TechRadar Pro
- Top global network service provider apparently leaks hundreds of millions of user accounts
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.