Andersen Corporation leaks customer home photos and addresses

Construction and home renovation giant Andersen Corporation exposed clients’ private data, including home photos and addresses.

On January 18, 2023, the Cybernews research team discovered an unprotected Azure storage blob containing around a million files belonging to Renewal by Andersen, a subsidiary of the multinational Andersen Corporation.

Nearly 300,000 documents on the cloud exposed the company’s customer home addresses, contact details, and home renovation orders, including interior and exterior photos of client homes from various US states. The earliest files date back to 2016.

Andersen Corporation is the largest window and door manufacturer in North America and employs around 12,000 people worldwide.

Cybernews reached out to Andersen Corporation regarding the leak, and at the time of writing, the open instance was already closed.

Vulnerable to burglary and identity theft

Renovation projects on the cloud storage were archived by customers, including JSON files with customers' names, emails, and phone numbers. The dataset also included a “savedata” file presumably containing clients’ hashed physical signatures.

It also contained PDF files with order details – materials used, items bought and installed, various agreements, and photos of home areas where company employees are planning to do the work.

Screenshot of the document with the client’s home photos

Cybernews researchers warn that such data leaks are dangerous, as threat actors can use personal information like names, emails, phone numbers, and addresses for phishing scams, identity theft, and other types of fraud.

Details about the renovation work and pictures of the homes can make the victims more susceptible to burglaries. Additionally, leaked physical signatures in the form of hashes can allow threat actors to impersonate and sign documents on behalf of the individual.

Screenshot of “savedata” file containing signature hashes. Judging by the length of the hashes, they could be digital copies of physical signatures.

Company’s response

The dataset was secured immediately after Cybernews contacted the company. However, Andersen Corporation has neither confirmed nor denied it owned the database, leaving us to wonder how a treasure trove of sensitive customer information was exposed to the public.

The company’s email to a Cybernews journalist was rather vague, trying to assure the public its systems haven’t been compromised.

“We have completed a review of our internal IT systems and determined that neither our Andersen or Renewal by Andersen systems have been compromised,” stated the company. “Andersen takes data privacy very seriously. We have strong internal systems in place to protect information.”

“The company claims to have no evidence of unauthorized access, but since there was no authorization from their side, all access technically would be authorized by default,” commented Mantas Sasnauskas, Cybernews research team lead.

Cybernews sent follow-up questions regarding the dataset’s ownership but received no answer before going to press.

JSON file containing customer names, phone numbers, email addresses, and physical addresses

How to protect yourself

Renewal by Andersen clients should carefully consider the exposed information and act accordingly.

  • Monitor financial accounts: Keep an eye on your bank and credit card statements for suspicious activity. If you notice any unauthorized transactions, you should report them to your bank immediately.
  • Be wary of phishing scams: Scammers may use the leaked information to send phishing emails or make phone calls pretending to be a legitimate company. You should be cautious about clicking on links or providing personal information in these messages.
  • Monitor credit report: You should check your credit report to ensure no unauthorized accounts or loans are opened in your name.
  • Ensure security at home: Unfortunately, not much can be done to remediate the effects of having home addresses and photos leaked, apart from taking steps to secure the physical home, like installing home security systems.

Data leak could have been prevented

According to the Cybernews research team, the cause of the leak was an unprotected Azure Storage blob. The leak could have been prevented by implementing proper authorization controls to block public access to cloud storage. Companies using Azure Storage blobs can prevent data leaks in the following ways:

  • Access control: Azure Storage blobs support various access control mechanisms, such as Azure Active Directory authentication and Role-Based Access Control (RBAC). Using these tools can restrict access to the blob to only authorized users.
  • Network security: Access to the blob should be limited to trusted internal networks only. Network security groups can be used to restrict access to the blob from specific IP addresses or virtual networks.
  • Encryption: Azure Storage blobs support server-side encryption that encrypts the stored data and protects it if an unauthorized user accidentally gains access to the blob.
  • Auditing and logging: Azure Storage blobs support auditing and logging, which helps to detect, track and investigate unauthorized access.
  • Regular review: A company should regularly review the access control, network security, encryption, and auditing/logging settings to ensure they are still appropriate and effective.
  • Employee training: Employee training on data security and handling sensitive information is essential to prevent human errors that can lead to data breaches.
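As an added illustration of the regular review described above (not code from Cybernews or Andersen), the following Python sketch audits storage account settings exported with `az storage account list -o json` for anonymous blob access, an open network default, and shared-key authentication that bypasses Azure AD and RBAC. The account names and sample records are constructed, and treating a missing setting as a finding is an assumption of this example.

```python
import json

# Constructed sample in the shape of `az storage account list -o json`.
# Account names are made up; only the fields checked below are included.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "examplepublicsa",
   "allowBlobPublicAccess": true,
   "allowSharedKeyAccess": true,
   "networkRuleSet": {"defaultAction": "Allow", "ipRules": [],
                      "virtualNetworkRules": []}},
  {"name": "examplelockedsa",
   "allowBlobPublicAccess": false,
   "allowSharedKeyAccess": false,
   "networkRuleSet": {"defaultAction": "Deny",
                      "ipRules": [{"value": "203.0.113.0/24", "action": "Allow"}],
                      "virtualNetworkRules": []}}
]
""")


def audit_account(acct):
    """Return the list of findings for one storage account record."""
    findings = []
    # Assumption of this example: a missing value counts as a finding,
    # so the audit fails closed instead of trusting an unset property.
    if acct.get("allowBlobPublicAccess") is not False:
        findings.append("anonymous-blob-access-allowed")
    # The storage firewall only restricts traffic when the default is Deny.
    rules = acct.get("networkRuleSet") or {}
    if rules.get("defaultAction", "Allow") != "Deny":
        findings.append("network-default-allow")
    # Shared keys grant full access outside Azure AD / RBAC.
    if acct.get("allowSharedKeyAccess") is not False:
        findings.append("shared-key-auth-enabled")
    return findings


def audit(accounts):
    """Map account name -> findings, keeping only accounts with findings."""
    report = {a["name"]: audit_account(a) for a in accounts}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name}: {', '.join(found)}")
```
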
