A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers.
A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently yet to be taken by the company responsible, Barcelona-based “social commerce” company 21 Buttons.
For a commission, influencers upload their photos to the firm’s app and link to the e-commerce stores where users can buy the clothes they’re wearing.
According to vpnMentor, the firm has around two million monthly active users and partnerships with many of the biggest brands in Europe.
Of the 50 million files exposed in the snafu, which were mainly influencer photos and videos, the research team discovered hundreds of invoices said to relate to payments made to these social media stars.
Among the personally identifiable information (PII) exposed were…