Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » Online marketing company exposes 38+ million US citizen records

Online marketing company exposes 38+ million US citizen records

by Edvardas Mikalauskas
3 September 2020
in Security
0
personal records questionnaire
91
SHARES

The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US user records, including their full names, email and street addresses, phone numbers and ZIP codes.

The database was left on a publicly accessible Amazon Web Services (AWS) server, allowing anyone to access and download the data. Following the 350 million email leak covered by CyberNews earlier in August, this is the second time this summer we encountered an unsecured Amazon bucket containing such massive amounts of user data.

On July 29, the exposed View Media bucket was closed by Amazon and is no longer accessible.

To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.

What data is in the bucket?

The publicly available Amazon S3 bucket contained 5,302 files, including:

  • 700 statement of work documents for targeted email and direct mail advertising campaigns stored in PDF files
  • 59 CSV and XLS files that contained 38,765,297 records of US citizens in total, of which 23,511,441 records were unique

The user record files were created based on locations and ZIP codes that the marketing company’s campaigns were targeting and contained full names, addresses, zip codes, emails, and phone numbers of people based in the US.

Aside from the statement of work documents and user records, the bucket contained thousands of files for various marketing materials, such as banner advertisements, newsletters, and promotional flyers.

Examples of exposed records

Here are some examples of the user records and statement of work documents left on the publicly accessible bucket.

Most of the CSV files contain user records for what we assume to be target demographics for either digital or physical marketing materials.

censored list with emails and phone numbers
censored list with names and addresses

The statement of work documents for marketing campaigns date between 2018 and 2019:

censored document from tribure digital
censored document from gray

Who owns the bucket?

The unsecured Amazon S3 bucket appears to belong to View Media, an online marketing company that specializes in email marketing, display advertising, design, hosting, direct mails, date sales, and other digital marketing services. The company offers targeted marketing services to American publishing brands like Tribune Media and Times Media Group.

Apart from millions of user records, the bucket also contains thousands of marketing newsletters, promotional flyer designs, banner ads, and statement of work documents created by View Media for its clients.

Who had access?

The bucket was hosted on an Amazon AWS server that has been exposed for an unknown period and it is unclear if any bad actors have accessed the data stored therein.

With that said, unsecured Amazon buckets are relatively easy to find and access without any kind of authorization, which means that anyone who knows where to look could have downloaded the files.

What’s the impact?

Even though the files in the unsecured Amazon S3 bucket do not contain deeply sensitive personal information such as social security or credit card numbers, cybercriminals can use the personal details in the database for a variety of malicious purposes:

  • Scammers can use the names, email addresses, and phone numbers of the exposed people for a wide variety of fraudulent schemes
  • Simple contact details can be enough for spammers and phishers to launch targeted attacks against 38+ million exposed Americans from multiple angles, such as robocalls, text messages, emails, and social engineering campaigns
  • Determined cybercriminals can combine the data found in this bucket with other data breaches to build profiles of potential targets for identity theft

What happened to the data?

Because we were initially unable to identify the owner of the unsecured bucket, we contacted Amazon on July 27 to help them secure the database. They were able to close the bucket on July 29.

We then reached out to one of the marketing company’s clients mentioned in the statement of work documents that were stored on the bucket, who helped us identify View Media as the owner of the database on August 21. On August 24, we contacted View Media for an official comment regarding the leak. However, we received no response from the company.

Should you be worried and what to do if you’ve been affected?

If you are a US citizen, there is a chance that your data might be exposed in this leak. To see if you have been affected by this breach, we recommend doing the following:

  1. Use our personal data leak checker to see if your email address has been leaked.
  2. If your email happens to be among those leaked, immediately change your email password and use a password manager.
  3. Look out for potential phishing emails and spam emails. Don’t click on anything suspicious, whether it’s an email, a text message, or any link therein.

Protect yourself online with our hand-picked digital privacy tools

Password managers

  • Are password managers safe?
  • Best password managers
  • Dashlane review
  • NordPass review
  • LastPass review

VPN

  • What is a VPN?
  • Best VPN services in 2021
  • NordVPN review
  • Surfshark VPN review
  • CyberGhost VPN review

Antivirus software

  • Best antivirus software in 2021
  • Bitdefender antivirus review
  • TotalAV antivirus review
  • Kaspersky antivirus review
  • Avira antivirus review

Share91TweetShareShare
Next Post
Bitwarden logo

Bitwarden Review

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

COMb data leak - Mother of all breaches
News

COMB: largest breach of all time leaked online with 3.2 billion records

by Bernard Meyer
12 February 2021
37

It's being called the biggest breach of all time and the mother of all breaches: COMB, or the Compilation of...

Read more
14 million Amazon and eBay accounts sold online in new leak

14 million alleged Amazon and eBay account details sold online

17 February 2021
The hype around quantum computing: it’s not too early to get in

The hype around quantum computing: it’s not too early to get in

15 February 2021
Facebook phishing campaign that tricked nearly 450,000 users in Germany is now spreading in the UK

Facebook phishing campaign that tricked nearly 450,000 users in Germany is now spreading in the UK

15 February 2021
Cyberpunk 2077 maker CD Projekt Red has GWENT source code leaked after ransomware attack

Cyberpunk 2077 maker CD Projekt Red has GWENT source code leaked after ransomware attack

10 February 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
  • Tools
    • Password generator
    • Personal data leak checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!