A team of CyberNews researchers has disclosed that Snewpit, an Australian news-sharing platform, has leaked close to 80,000 users records.
The exposed data housed in an unsecured Amazon Web Services (AWS) server includes usernames, full names, email addresses, profile pictures and videos. Leaks include:
• 256 videos uploaded by app users and developers
• 23,586 photos documenting local events uploaded by users
• 4 CSV files – including one with 79,725 user information such as full names, email addresses, usernames, user descriptions, last login times and total time spent using the app
• Profile pictures of thousands of users
Investigators disclosed their findings on September 24 to Snewpit, which secured the records on the same day.
Although Snewpit developers detected no suspicious activity, the AWS bucket was exposed for five weeks, meaning any individuals with direct access to the link could have accessed and downloaded the data.
”We will be reviewing all access control settings and ensuring our user data is secure and encrypted,“ Snewpit founder Charlie Khoury said in response to the incident. “We take our data and security seriously and will endeavor to make sure this does not happen again.”
While there are no signs of user account compromise, Snewpit aficionados should change their account passwords and monitor their inboxes for any phishing or other suspicious emails.
Users shouldn’t overlook the incident just because the database lacked highly sensitive information such as credit card or Social Security numbers.
Bad actors can do wonders with small pieces of your digital persona, such as an email address or username – information that may seems unworthy of attention.