Security News > 2020 > February > It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet

It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet
2020-02-17 07:04

A software vendor specializing in record-keeping tools for plastic surgery clinics poorly secured a storage bucket hosted by Amazon Web Services containing hundreds of thousands of sensitive patient photos and records.

Infosec outfit ClearSky claims it has evidence of Iranian hackers, likely state backed, breaking into "Dozens of companies around the world in the past three years" by exploiting "Known vulnerabilities in systems with unpatched VPN and RDP services." The miscreants target businesses that provide IT services to others, allowing the intruders to menace thousands of customers, we're told.

Customer records on a public-facing, poorly secured Amazon Web Services S3 bucket, according to, once again, peeps at vpnMentor.

Cosmetics company Estee Lauder also saw millions of its internal documents spill onto the public internet this month, thanks to a poorly configured database.

"There were millions of records pertaining to middleware that is used by the Estée Lauder company," Fowler noted.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/17/roundup_feb14_2020/