The Cybernews research team has discovered that Good Smile Company, a Japanese hobby products maker best known for anime and gaming figurines, misconfigured an Amazon web services (AWS) simple storage service (S3) bucket, exposing a whopping 1.2 million files.
Key findings:
- The exposed data hides the personally identifiable information (PII) of over 270,000 Good Smile Company customers.
- Only a fraction of the exposed files, 156 CSV (comma-separated values) files, and 1058 XLSX files, contain sensitive information.
- Most of the customers who had their details revealed reside in the US and Canada.
- The data has been exposed since at least April 2024, when the team first discovered the open instance.
The exposed customer details include:
- Full names
- Email addresses
- Nicknames
- Home addresses
- Order details (order date, type of purchase, payment method, and amount)
- IP addresses
Multiple attempts to reach out to the Good Smile Company didn’t result in a response. And the instance was still open at the time of writing.
Dangers of the leak
Leaving chunks of PII belonging to a group of people with specialized interests invites attackers to use the situation to their advantage.
For the full research, please visit: https://cybernews.com/security/good-smile-company-leaks-customer-data/
Related
This entry was posted on July 17, 2024 at 10:04 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Anime figurine maker exposes North American customer names, home addresses
The Cybernews research team has discovered that Good Smile Company, a Japanese hobby products maker best known for anime and gaming figurines, misconfigured an Amazon web services (AWS) simple storage service (S3) bucket, exposing a whopping 1.2 million files.
Key findings:
The exposed customer details include:
Multiple attempts to reach out to the Good Smile Company didn’t result in a response. And the instance was still open at the time of writing.
Dangers of the leak
Leaving chunks of PII belonging to a group of people with specialized interests invites attackers to use the situation to their advantage.
For the full research, please visit: https://cybernews.com/security/good-smile-company-leaks-customer-data/
Share this:
Like this:
Related
This entry was posted on July 17, 2024 at 10:04 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.