Connect with us

News

Sennheiser exposed the data of thousands of customers in an unsecured server

The data bucket contained 55 GB of personal information from Sennheiser customers.

Sennheiser HD 458BT wireless noise-canceling headphones
Image: KnowTechie

Sennheiser, a German manufacturer of high-quality audio equipment, was recently found to have left an unsecured AWS server floating around the internet for years. The server contained dozens of gigabytes of information on more than 28,000 Sennheiser customers.

A new report from vpnMentor, which discovered the unsecured data, details how the server was located. Researchers say that Sennheiser was utilizing an Amazon Web Service (AWS) S3 bucket to store large files of data that it had collected from customers.

These buckets are apparently a popular option among businesses for storing large data files. But it is up to the individual businesses to define the security settings for each individual bucket, something vpnMentor says Sennheiser failed to do in this instance.

As a result, more than 55GB of data from over 28,000 people was left wide open on the internet for just about anyone to access. The bucket had apparently been dormant since 2018. But it was still unsecured and contained all kinds of sensitive customer data.

sennheiser data leak
Image: vpnMentor

Researchers concluded that the data stored in this bucket was from individuals and businesses that requested samples of Sennheiser products. Information found in the bucket included full names, email addresses, phone numbers, home addresses, and company and employee names.

With that kind of information, criminals could have the perfect starting point to commit all kinds of crimes, whether it’s identity theft or a phishing scam. Obviously, this was a huge oversight from Sennheiser.

Fortunately, vpnMentor says it contacted the company once it found the breach back in October. Sennheiser apparently secured the S3 bucket shortly after. Still, it’s pretty concerning to hear reports like this about people’s data floating around the web for anyone to see.

Hopefully, Sennheiser takes this breach seriously and we don’t hear about any more data breaches from the company going forward.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Contributing writer with a passion for gaming and tech. Probably getting wrecked by some kids in Rocket League.

Comments

More in News