Artwork Archive cloud storage misconfiguration exposed user data, revenue records
Misconfigurations in Artwork Archive, a platform used to connect artists to potential buyers, allegedly led to a data leak in which the personally identifiable information (PII) of users was exposed. The WizCase team reported that they discovered a misconfigured Amazon S3 bucket belonging to the platform. The researchers stated that the bucket contained over 200,000 files containing PII. Artwork Archive advertises itself as a means to give artists, collectors, and organizations a method of managing their art. The platform offers software solutions on a subscription basis to manage exchanges.
Researchers at WizCase discovered the misconfigured bucket on May 23, claiming that it lacked authentication to access. In total, records pertaining to 7,000 artists, collectors, galleries, and customers dating back to August 2015 were exposed, totaling 421GB of data. Data that could be publicly viewed due to the misconfigurations included full names, physical addresses, email addresses, and in some cases, purchase details. The purchase details exposed included prices of artwork, sales agreements, and revenue reports.