Researcher Bob Diachenko revealed, on Monday afternoon (19) through his Twitter profile, that an unprotected server ended up exposing data from more than 13 million Fotor users, famous free online photo editor.
Although Bob did not provide details about this, we can deduce that it was just another case of Amazon Simple Storage Service (S3) bucket or poorly configured Elasticsearch environment.
[IN SHORT] Popular online photoeditor Fotor [@fotor_com] exposed emails + nicknames of its 13M + users. Now secured, “the trouble shooting by our technical guys are still ongoing”. The main threat for the users: targeted phishing attacks. pic.twitter.com/xDNYuVsNo8
– Bob Diachenko (@MayhemDayOne) October 19, 2020
In the image shared by the expert, we can see that the exposed data includes email address, number of “fans”, URL of the image used as a profile photo and username (nickname). As noted by the analyst himself, although no sensitive information has been leaked, the collection could very well be used by scammers in personalized targeted phishing campaigns.
Bob says that, after notifying the Fotor team, she removed the server and was working on the “complications” of the incident. However, it seems that the team acted late, since The Hack was already able to find a copy of the database – with 9 million records – being disseminated for free on forums specific to that type of content.
The Hack has contacted Fotor’s press office and we will update this story as soon as the company pronounces.
Source: Bob Diachenko / Twitter
See the original post at: https://thehack.com.br/alerta-editor-de-fotos-fotor-com-sofre-vazamento-e-expoe-dados-de-mais-de-13-milhoes/?rand=48873
