Friendemic, a digital marketing provider that offers services to US car dealerships, has exposed almost three million records consisting of personally-identifiable information (PII) following a misconfiguration in the cloud settings. The privacy breach was discovered by a researcher at Comparitech, who was conducting routine internet crawls to check for issues such as this. In this instance, like many others, the information was stored in an unsecured Amazon S3 bucket publicly accessible to any internet user.
The 2.7 million records included personal information such as full names, phone numbers, email addresses, and 16 OAuth tokens stored in plaintext. Friendemic has told security researchers that the records were not related to customers of its car dealership clients, furthering that the OAuth tokens were only for internal system use. However, the firm acted quickly and remediated the massive data leak within a day. Friendemic released a statement claiming that they were in the process of conducting a review of its data security.
Read More: Marketing Firm Spills Nearly Three Million Records