A security researcher discovered an unprotected Amazon S3 storage bucket belonging to FormGet, that exposed several internal documents, customer-uploaded data, invoices, receipts, resumes and more.
FormGet is an online form-maker and an email marketing company that has over 43000 clients across the globe.
What was exposed?
The storage bucket contained several corporate documents and user-uploaded documents. The exposed documents include:
What actions were taken?
The security researcher who discovered the leaky server notified TechCrunch in order to get the server secured. TechCrunch reported the data leak to FormGet, which immediately responded by taking down the bucket and disabling access to the public.