Trend social community 21 Buttons exposes person knowledge through unsecured cloud storage
21 buttons La Plataforma APP SL, a Spain-based technology startup that offers a fashion social network and clothing store, has suffered a data breach with its users’ records posted online.
The data was discovered and published today by researchers led by Noam Rotem at vpnMentor and found in an unsecured S3 cloud storage bucket owned by Amazon Web Services Inc. It contained 50 million pieces of data, including social media posts and profiles, bills, full names, addresses, zip codes, bank details, nation ID numbers, PayPal email addresses and, in some cases, the value of those about the app earned sales commission.
The data found details of payments to hundreds of influencers across Europe, including Carlota Weber Mazeucos, Freddy Cousin Brown, Marion Caravano, Irsa Saleem and Danielle Metz.
Although the service and the “influencers” would be unknown to many, the company is financed with venture capital. According to Crunchbase, 21 Buttons has raised $ 30.7 million in venture capital from investors including 360 Capital Partners, Sabadell Venture Capital, Kibo Ventures, Breega, Idinvest Partners, JME Ventures, Samaipata, and Sputnik Capital.
VpnMentor discovered the data breach on November 2nd and notified 21 Buttons of its disclosed data three times, on November 5th, November 12th and December 8th, with no initial response. The researchers contacted AWS on November 10 and December 8 about the exposed data. The first response was on December 22nd with the message that notification of a violation was only forwarded to the “Correspondence Department”.
As with all data exposures of this type, the risk of personal information disclosure is a gold mine for cyber criminals who can use the information for phishing, identity theft, and other nefarious purposes. The fact that they are so-called “influencers,” celebrities, adds another dimension to the arguably pathetic security of a company that should have known better.
“Most social media influencers try to keep their PII data secret and completely hidden,” the researchers found. “However, by disclosing their contact details, private addresses and national ID numbers, 21 Buttons has endangered the privacy of everyone concerned.”
Since the company is based in Spain, it is also bound by the General Data Protection Regulation of the European Union. The fact that the company has been aware of the data exposure for more than six weeks and has not responded to the information could result in a fine or legal action.
Image: 21 keys
Since you are here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant business and new technology content to you. Many Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We would also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content and not on advertising. Unlike many online publications, we don’t have a paywall or banner ads as we want to keep our journalism open with no influence or need to follow traffic.The journalism, coverage and commentary on SiliconANGLE – along with live non-scripted videos from our Silicon Valley studio and global video teams from the cube – Take a lot of hard work, time, and money. In order to keep the quality high, sponsors must be supported who correspond to our vision of advertising-free journalistic content.
If you enjoy the coverage, video interviews, and other ad-free content here, please take a moment to review an example of the video content sponsored by our sponsors. tweet your supportand keep coming back to SiliconANGLE.