March 22, 2023

German audio equipment manufacturer, Sennheiser left an unsecured AWS server online. The server stored around 55GB of information on over 28,000 Sennheiser customers.

Sennheiser used an AWS S3 bucket to store large data files comprising data collected from its customers. The database was an old cloud account containing data of 28,000 customers and collected between 2015-2018; however, the database was dormant since 2018.

Advertisements

The scope of the exposure is worldwide, but the majority of affected customers are in North America and Europe. The misconfigured AWS bucket may have helped criminals identify targets for identity theft, tax fraud, insurance fraud, and phishing campaigns for more sensitive data.

The database could be old, but the information would be precious to cybercriminals. The bucket contained data from individuals and businesses requesting Sennheiser’s product samples. The database included full names, email IDs, home addresses, phone numbers, employee names, and company names.

This kind of data is sufficient for cybercriminals to perform various attacks such as phishing scams or identity theft. The exposed AWS server was secured by Sennheiser promptly, but it is concerning that such sensitive data was open to public access for such a long time.

Tags:

Leave a Reply

You may have missed

Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023
DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
%d bloggers like this: