An Amazon S3 bucket owned by the company was left open without proper access authorization and authentication controls in place, exposing sensitive data for around 12,000 people.

An Amazon S3 bucket owned by the company was left accessible without authentication controls in place, exposing sensitive and personal data for potentially hundreds of thousands of customers.

Morley Companies Inc. disclosed a data breach after falling victim to a ransomware attack on Aug. 1, 2021, according to a security incident notification by the company on Wednesday.

In total, 13,124,962 of records (or 7GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities like giving fake product reviews on Amazon.

Bykea had exposed all its production server information and allowed access to over 200GB of data containing more than 400 million records showing people’s full names, locations, and more.

The company’s unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million people from around the world using Facebook, Instagram, and LinkedIn.