Popular audio product maker Sennheiser accidentally left open an old AWS account that had thousands of customers’ data. This cloud account has been inactive since 2018 and exposed over 28,000 Sennheiser customers’ private data.
A team of researchers at vpnMentor discovered this open old Sennheiser server with customer data. Although the data is old it is still valuable to hackers who can use it to perform further attacks against Sennheiser customers.
Sennheiser was actually using Amazon Web Services (AWS) S3 bucket to keep customers’ data collected from them. However, the company failed to implement any security measures leaving data exposed and accessible to anyone with technical skills.
The exposed data included Full name, Email address, Phone number, Home address, Names of companies requesting samples, and Number of the requesting company’s employees. The server also had a 4 GB SQL database backup but it was protected.
The server was discovered on October 26 and reported to Sennheiser on October 28. Sennheiser took action on November 1.
Even if there was no critical information exposed by the company, this data exposure can still lead to Phishing, Identity theft, mail fraud, Debit or credit card fraud, Mortgage fraud, Tax Fraud, and more.
