September 30, 2023

German audio equipment manufacturer, Sennheiser left an unsecured AWS server online. The server stored around 55GB of information on over 28,000 Sennheiser customers.

Sennheiser used an AWS S3 bucket to store large data files comprising data collected from its customers. The database was an old cloud account containing data of 28,000 customers and collected between 2015-2018; however, the database was dormant since 2018.

Advertisements

The scope of the exposure is worldwide, but the majority of affected customers are in North America and Europe. The misconfigured AWS bucket may have helped criminals identify targets for identity theft, tax fraud, insurance fraud, and phishing campaigns for more sensitive data.

The database could be old, but the information would be precious to cybercriminals. The bucket contained data from individuals and businesses requesting Sennheiser’s product samples. The database included full names, email IDs, home addresses, phone numbers, employee names, and company names.

This kind of data is sufficient for cybercriminals to perform various attacks such as phishing scams or identity theft. The exposed AWS server was secured by Sennheiser promptly, but it is concerning that such sensitive data was open to public access for such a long time.

Tags:

Leave a Reply

You may have missed

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023
%d bloggers like this: