• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Security » Online marketing company exposes 38+ million US citizen records

Online marketing company exposes 38+ million US citizen records

by Edvardas Mikalauskas
3 September 2020
in Security
0
personal records questionnaire
91
SHARES

The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US user records, including their full names, email and street addresses, phone numbers and ZIP codes.

The database was left on a publicly accessible Amazon Web Services (AWS) server, allowing anyone to access and download the data. Following the 350 million email leak covered by CyberNews earlier in August, this is the second time this summer we encountered an unsecured Amazon bucket containing such massive amounts of user data.

On July 29, the exposed View Media bucket was closed by Amazon and is no longer accessible.

To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.

What data is in the bucket?

The publicly available Amazon S3 bucket contained 5,302 files, including:

  • 700 statement of work documents for targeted email and direct mail advertising campaigns stored in PDF files
  • 59 CSV and XLS files that contained 38,765,297 records of US citizens in total, of which 23,511,441 records were unique

The user record files were created based on locations and ZIP codes that the marketing company’s campaigns were targeting and contained full names, addresses, zip codes, emails, and phone numbers of people based in the US.

Aside from the statement of work documents and user records, the bucket contained thousands of files for various marketing materials, such as banner advertisements, newsletters, and promotional flyers.

Examples of exposed records

Here are some examples of the user records and statement of work documents left on the publicly accessible bucket.

Most of the CSV files contain user records for what we assume to be target demographics for either digital or physical marketing materials.

censored list with emails and phone numbers
censored list with names and addresses

The statement of work documents for marketing campaigns date between 2018 and 2019:

censored document from tribure digital
censored document from gray

Who owns the bucket?

The unsecured Amazon S3 bucket appears to belong to View Media, an online marketing company that specializes in email marketing, display advertising, design, hosting, direct mails, date sales, and other digital marketing services. The company offers targeted marketing services to American publishing brands like Tribune Media and Times Media Group.

Apart from millions of user records, the bucket also contains thousands of marketing newsletters, promotional flyer designs, banner ads, and statement of work documents created by View Media for its clients.

Who had access?

The bucket was hosted on an Amazon AWS server that has been exposed for an unknown period and it is unclear if any bad actors have accessed the data stored therein.

With that said, unsecured Amazon buckets are relatively easy to find and access without any kind of authorization, which means that anyone who knows where to look could have downloaded the files.

What’s the impact?

Even though the files in the unsecured Amazon S3 bucket do not contain deeply sensitive personal information such as social security or credit card numbers, cybercriminals can use the personal details in the database for a variety of malicious purposes:

  • Scammers can use the names, email addresses, and phone numbers of the exposed people for a wide variety of fraudulent schemes
  • Simple contact details can be enough for spammers and phishers to launch targeted attacks against 38+ million exposed Americans from multiple angles, such as robocalls, text messages, emails, and social engineering campaigns
  • Determined cybercriminals can combine the data found in this bucket with other data breaches to build profiles of potential targets for identity theft

What happened to the data?

Because we were initially unable to identify the owner of the unsecured bucket, we contacted Amazon on July 27 to help them secure the database. They were able to close the bucket on July 29.

We then reached out to one of the marketing company’s clients mentioned in the statement of work documents that were stored on the bucket, who helped us identify View Media as the owner of the database on August 21. On August 24, we contacted View Media for an official comment regarding the leak. However, we received no response from the company.

Should you be worried and what to do if you’ve been affected?

If you are a US citizen, there is a chance that your data might be exposed in this leak. To see if you have been affected by this breach, we recommend doing the following:

  1. Use our personal data leak checker to see if your email address has been leaked.
  2. If your email happens to be among those leaked, immediately change your email password and use a password manager.
  3. Look out for potential phishing emails and spam emails. Don’t click on anything suspicious, whether it’s an email, a text message, or any link therein.
Share91TweetShareShare

Related Posts

Nohow International leaks sensitive worker data

12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency

19 January 2021
Telegram app on mobile

Watch out: there’s a new Telegram scam about

15 January 2021
Email icon on laptop screen

How phishing attacks are evolving and why you should care

14 January 2021
Ransom message on laptop screen

Why ransomware attacks will explode in 2021

12 January 2021
Next Post
Bitwarden logo

Bitwarden Review

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    82912 shares
    Share 82901 Tweet 0
  • ProtonMail review: have we found the most secure email provider in 2021?

    61 shares
    Share 61 Tweet 0
  • Bitwarden Review

    0 shares
    Share 0 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Custom mechanical keyboards – 17 coolest ones we’ve ever seen

    442 shares
    Share 441 Tweet 0
Facebook says some users facing issues with Messenger, Instagram

Factbox: How Facebook, Twitter, and others are girding for inauguration threats

20 January 2021
Uploading on mobile screen and Data Protection on desktop screen

Privacy and data protection trends in 2021

20 January 2021
valve logo

EU hits game distributor Valve, five others with 7.8 million euro fine

20 January 2021
google logo

Trump pardons former Google self-driving car engineer Levandowski

20 January 2021
Malwarebytes hacked by state actors behind SolarWinds attack

Malwarebytes hacked by state actors behind SolarWinds attack

20 January 2021
Edvardas Šileris

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached

20 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!