Sennheiser exposed the data of thousands of customers in an unsecured server
The data bucket contained 55 GB of personal information from Sennheiser customers.
Sennheiser, a German manufacturer of high-quality audio equipment, was recently found to have left an unsecured AWS server floating around the internet for years.
The server contained dozens of gigabytes of information on more than 28,000 Sennheiser customers.
A new report from vpnMentor, which discovered the unsecured data, details how the server was located.
Researchers say that Sennheiser was utilizing an Amazon Web Service (AWS) S3 bucket to store large files of data that it had collected from customers.
These buckets are apparently a popular option among businesses for storing large data files. But it is up to the individual businesses to define the security settings for each individual bucket, something vpnMentor says Sennheiser failed to do in this instance.
As a result, more than 55GB of data from over 28,000 people was left wide open on the internet for just about anyone to access.
The bucket had apparently been dormant since 2018. But it was still unsecured and contained all kinds of sensitive customer data.
Researchers concluded that the data stored in this bucket was from individuals and businesses that requested samples of Sennheiser products. Information found in the bucket included full names, email addresses, phone numbers, home addresses, and company and employee names.
With that kind of information, criminals could have the perfect starting point to commit all kinds of crimes, whether it’s identity theft or a phishing scam. Obviously, this was a huge oversight from Sennheiser.
Fortunately, vpnMentor says it contacted the company once it found the breach back in October. Sennheiser apparently secured the S3 bucket shortly after. Still, it’s pretty concerning to hear reports like this about people’s data floating around the web for anyone to see.
Hopefully, Sennheiser takes this breach seriously and we don’t hear about any more data breaches from the company going forward.
Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
- Apple lets you pick who gets your iCloud data if (when) you die. Here’s how to set it up
- How to stop Life360 from selling your location data
- For the love of all that is holy, stop using these terrible passwords
- 40 million people had their healthcare information hacked in 2021