ADVERTISEMENT

Anime figurine maker exposes North American customer names, home addresses

Good Smile Company, a Japanese hobby products maker, may have inadvertently created hundreds of thousands of frowns after a misconfigured instance was discovered leaking sensitive details for months.

Good Smile Company

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Jul 17, 2024 Updated: 8 December 2025 2 min read
  • Full names
  • Email addresses
  • Nicknames
  • Home addresses
  • Order details (order date, type of purchase, payment method, and amount)
  • IP addresses
Leaked data
Sample of the leaked data. Image by Cybernews.
ADVERTISEMENT

Nothing to smile about

  • Change the access controls to restrict public access and secure the bucket. Update permissions to ensure that only authorized users or services have the necessary access.
  • Monitor retrospectively access logs to assess whether unauthorized actors have accessed the bucket.
  • Enable server-side encryption to protect data at rest.
  • Use AWS Key Management Service (KMS) to manage encryption keys securely.
  • Implement SSL/TLS for data in transit to ensure secure communication.
  • Consider implementing security best practices, including regular audits, automated security checks, and employee training.
ADVERTISEMENT