WizCase has found a major breach affecting a bucket owned by SeniorAdvisor, “one of the largest consumer ratings and reviews websites for senior care and services across the United States and Canada.” This breach compromised users’ names, surnames, phone numbers, and more. Millions of people were left vulnerable in the misconfigured bucket. There was no need for a password or login credentials to access this information, and the data was not encrypted.
The misconfigured S3 bucket left over 3,000,000 people vulnerable exposing PIIs such as surnames, emails, phone numbers, and dates contacted. These contact dates suggest the files are from 2002 to 2013, but the files themselves were timestamped 2017. The majority of data exposed was in the form of leads, a list of potential customers whose details were collected by SeniorAdvisor presumably via their email or phone call campaigns.
