Security News > 2022 > July > Unsecured and unencrypted South Korean loyalty platform exposes data of more than 1 million customers

Unsecured and unencrypted South Korean loyalty platform exposes data of more than 1 million customers
2022-07-06 13:42

According to the Website Planet security team, a recent incident affected the Dodo Point loyalty point service platform and resulted in a huge exposure of personal data.

Figure A. An Amazon bucket used by the company was not secured: No authentication protocol had been deployed, and no data encryption had been used on the storage, resulting in the exposure of around 73,000 files, representing over 38GB of data.

The researchers who found the breached data first tried to reach Spoqa, a company to which Dodo Point belonged at the time of the data discovery.

As part of this project, they use web scanners to identify unsecured data stores on the Internet before analyzing and reporting these stores to impacted companies to secure them and raise awareness on the dangers of such exposures.

These data exposures can lead to the exploitation of personal data for cybercrime: An attacker might impersonate an individual or use their information to target them with specific phishing or social engineering tricks.

Data stored in such databases should be encrypted so that even if an attacker manages to access data, it may be useless to them.


News URL

https://www.techrepublic.com/article/south-korean-data-breach/