The Curious Case of 20 Unsecured Buckets Containing Nearly 48 Million Records

  • PetBecker, HelloTech, and Activ are some of the companies affected by the incident.
  • The data leak has also impacted an app called Cluster and a real estate answering services company.

An investigation led by NBC News found that nearly 20 cloud buckets were left open to the public without passwords. This has affected millions of users across the world.

These unguarded buckets were found to contain nearly 48 million records.

Who are the victims?

  • To name a few, PetBecker (a pet-sitting app), HelloTech (a company that provides in-home information technology services) and Activ (Australia’s largest disability service provider) are affected by the incident.
  • The data leak has also impacted an app called Cluster and a real estate answering services company.
  • The bucket used by PetBecker included drivers’ licenses and other sensitive documents from users based in the United States, the Czech Republic, the Philippines, the United Kingdom, Malaysia, and Australia.
  • On the other hand, the bucket held by HelloTech included thousands of unprotected identity documents belonging to its technicians. The bucket was also filled with images of IT setups inside customers’ homes.
  • The unprotected cloud bucket used by Cluster had exposed 6.4 million photos, including those of children at school.
  • NBC News had also accessed a bucket used by a real estate answering services company. It found millions of voicemails, mostly apartment inquiries and maintenance requests, that include the callers’ names and cellphone numbers.

How did the companies respond?

  • PetBecker admitted that the problem stemmed from users who submitted identity documents via the app’s support chat function.
  • Upon learning about the incident, Activ investigated the matter immediately and resolved the situation within 45 minutes.
  • Cluster’s unsecured bucket was available until late on November 26, when it changed the settings on its cloud storage.