What happened?

According to the CyberNews research team, they have discovered an unsecured set of data that they say belongs to View Media, a marketing company that specializes in online marketing. According to CyberNews, the data bucket contains around 39 million user records of United States citizens, including much of their personal information. As if this wasn’t enough, our researchers at Stormbreaker.in found that the main website of View Media (.) com has been hacked and now redirects to an online pharmacy selling drugs such as Viagra.

What kind of information did the bucket contain?

The data was stored in a publicly visible Amazon S3 bucket containing 5,302 files. It included 700 statement-of-work documents for targeted email and direct mail advertising campaigns as PDF files. The bucket also contained 59 CSV and XLS files holding 38,765,297 records of US citizens.

These records included the following personal information:

  • Full name
  • Email address
  • Street addresses
  • Phone numbers
  • Zip codes
  • User locations

The bucket also held many types of newsletters, promotional flyers, advertising banners and other marketing materials.

Below are some screenshots from the CyberNews report:

How did the website get hacked?

Somehow, the website viewmedia(.)com redirects you to another website that appears to be an online pharmacy selling pills such as Viagra. Our researcher at Stormbreaker.in believes that the attackers must have hijacked the page and created a redirect that leads to this pharmacy page. Here is a screenshot of the website:

This is the page shown when opening the website directly using viewmedia([.])com

And this is how the cached page of the original website looks:

How the original website is intended to be shown on visit.

How did the data get exposed in such an immature way?

The Amazon S3 bucket that stored View Media’s data must have been poorly configured by their IT employees. That may be one of the causes of this jumble. The data must have been exposed for a very long time, though how long is not yet known, and it is not certain whether any cyber criminal or perpetrator found it before today. Such poorly configured, unsecured S3 buckets are easy to find, and anyone with basic IT knowledge can access all the contents and download them as well. Amazon has closed View Media’s bucket, and it is not accessible for now.
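For bucket owners, the misconfiguration described above can be checked from three pieces of bucket configuration: the ACL grants, the bucket policy, and the Public Access Block settings. The following is an added example, not code from CyberNews or View Media; the input shapes mirror what the S3 GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock calls return, and the sample values and function names are constructed for illustration.

```python
import json

# Predefined S3 ACL groups meaning "anyone" and "any AWS account holder"
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_policy_statements(policy):
    """Return Allow statements whose principal is the wildcard '*'."""
    hits = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        wildcard = principal is not None and "*" in _as_list(principal)
        # Simplification (assumption): any Condition is treated as restricting access
        if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
            hits.append(stmt)
    return hits

def audit_bucket(acl_grants, policy, block):
    """List the reasons a bucket is publicly reachable; empty means none found."""
    findings = []
    if not block.get("IgnorePublicAcls"):        # public ACL grants are still honoured
        for grant in acl_grants:
            uri = grant["Grantee"].get("URI", "")
            if uri in PUBLIC_GROUPS:
                findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    if not block.get("RestrictPublicBuckets"):   # public policies are still honoured
        for stmt in public_policy_statements(policy):
            findings.append(f"policy allows {', '.join(_as_list(stmt['Action']))} to any principal")
    return findings

# Constructed sample configuration, not taken from the incident
SAMPLE_ACL = [{"Grantee": {"Type": "Group",
                           "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}]
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}""")
NO_BLOCK = {}
FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for label, block in (("no block", NO_BLOCK), ("full block", FULL_BLOCK)):
        print(label, audit_bucket(SAMPLE_ACL, SAMPLE_POLICY, block))
```

With all four Public Access Block settings enabled, the same public ACL and policy produce no findings, which is why enabling them is the first fix for a bucket in this state.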

What harm can such a data leak or exposure of personal information do to you?

When any kind of data is leaked, breached, stolen or taken under the control of a perpetrator, it should be considered an alarming risk for you. Such data usually consists of personal information like:

  • Your Name.
  • Your Age.
  • Your email address.
  • Your Address.
  • Your Contact No.
  • Your Tax numbers.
  • Your Social Security Number.
  • Your Pension account number.
  • Your Bank account details.

Such information can be used against you to scam you, to commit a crime while impersonating you, to commit fraud in your name and much more. Hence, it is always wise to stay alert to such scenarios and take some preventive measures to secure yourself.

How can you protect yourself from such incidents?

Follow these steps if you are an individual or an employer:

  • Educate and train yourself and your employees against such attacks. Training against known attack procedures can help you in the long run.
  • Do not open any email whose source can’t be trusted. Report it to your admins for further investigation.
  • Regularly change the passwords of important accounts such as your email, social media and bank accounts. Repeat this step every 2-3 months.
  • Back up all the data stored on your devices or servers. It is always better to have offline backups, which can come in handy during such scenarios.
  • Rely on good, trusted security tools and solutions. Do not compromise here, as they are guarding your business.
  • Keep your private and work devices separate. If that is not possible, at least use different user environments on your devices.
  • Use a trusted VPN provider for your or your organization’s devices and network. Don’t fall into the free VPN trap. They usually don’t work, and they store your information.
  • Always keep your devices up to date. Install the latest patches and drivers, and only those released by the hardware manufacturer of your devices.
  • Try not to access websites whose identity cannot be verified. Most of these websites can be identified by their shady UI and their offers of paid software for free.
  • Always listen to your IT security consultant and plan your steps accordingly. You might know your business well, but your IT security consultant knows your systems and network better.
  • Never pay ransom to ransomware operators. Paying does not ensure that you will get your data back, or that the operators will not publish or delete your data.

By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savvy, Nature lover, Bullet 350 rider
