Security researchers working for vpnMentor have discovered that a storage bucket on AWS cloud was open for quite sometime, putting 5.5 million files or 343GB worth data at risk as it was accessible to hackers.
According to the research team led by Noam Rotem and Ran Locar, the AWS S3 bucket belonged to a company called InMotionNow that is basically a software company that is based in North Carolina and is into project management services.
Cybersecurity Insiders has learned that the data belonged to companies that stored their marketing material on the unsecured S3 bucket of AWS and that includes
- Training videos and some text files related to ISC2.org.
- Client details related to Insurance Company Brotherhood Mutual.
- Some training material meant for students pursuing courses at the Universities in Kent State of Ohio and Purdue in Indiana, along with a list of donors.
- Sensitive details related to Potawatomi Hotel & Casino in Milwaukee, Wisconsin
- Material related product design and accessories related to Electronics Company called Zagg.
- Information related to Freedom Forum Institute, non-profit organizations based in United States.
- Sensitive details related to Myriad Genetics and Performance Health.
Note 1- vpnMentor tried to reach InMotionNow to report the issue. But the company failed to acknowledge the incident. But it took all measures to make the data access private on the S3 bucket thereafter.
Note 2– inMotionNow is SaaS solutions provider that offers companies the privilege to manage their marketing and creative workflow efficiently and swiftly. It offers applications related to task and milestone management, project requisites, resource assignment, tracking online reviews that ease the administrative tasks of marketing and sales teams to a great level.