The popular PhotoSquared photo printing application has exposed thousands of customer photos, addresses and order details.
At least 10,000 shipping labels were stored in an Amazon Web Services (AWS) public storage warehouse. There was no password in the bucket, which allowed anyone who knew the web address easy to guess access to customer data. Too often, these AWS storage depots are poorly configured and configured as "public" and not "private."
The exposed data included high-resolution photos uploaded by the user and generated shipping labels, dating from 2016, and updated daily. The application has more than 100,000 users, according to its Google Play listing.
It is not known how long the storage tank was left open.
Security researchers provided the name of the cube exposed to Newsdio. We compare a series of shipping labels with existing public records, and contact PhotoSquared on Wednesday to warn about the exhibition.
Keith Miller, executive director of Strategic Factory, owner of PhotoSquared, confirmed that the data was no longer exposed; however, Miller declined to say if he planned to inform customers or regulators under the data breach notification laws.
At the time of writing this article, PhotoSquared has not referred to the security span on its website or its social media accounts.