A cloud misconfiguration at a now-defunct social media app Fleek, has uncovered hundreds of thousands of explicit images of customers that they thought had been deleted. Fleek was once seen as an unfiltered and uncensored choice to Snapchat “Campus Stories.” A hit with US college students, it promised to automatically delete pictures after a short period, encouraging customers to publish salacious photographs of themselves engaged in sexually explicit and unlawful activities.
A group led by Noam Rotem found AWS S3 misconfigured buckets October last year belonging to the now defunct Fleek and owner Squid Inc. The researchers found that not was this not true but many images were still available on the amazon bucket for download months after the service ceased to exist.
Fleek customers were mostly university students naive of the implications of importing snap shots that exhibit them attractive in embarrassing and crook activities, such as drug use. If cyber-criminals acquired these pictures and knew how to locate the people exposed, they ought to effortlessly target them and blackmail them for giant sums of money.”
In total, the research crew located around 377,000 archives in the 32GB bucket. This additionally included pictures and bot scripts.
Having contacted both Squid Inc’s founder and AWS to notify about the privacy ISSUE vpnMentor discovered the bucket had been secured about a week after it was discovered. However, it is uncertain whether the information has been deleted or not.
It is important to understand from service provider what happens to your data if the service ceased to exist in the case of Fleek. Often, with smaller companies, the companies keeps possession of the data, and there’s very little accountability stopping them from misusing it or sharing with others in the future.”