21 Buttons, a fashion-focused e-commerce platform, has leaked PII of hundreds of its users because its app was hosted on a misconfigured AWS bucket. The data was left exposed for over a month and included sensitive details such as financial information and how much influencers had been paid by brands.
21 Buttons Data Leak
21 Buttons is an e-commerce platform where influencers showcase their fashionable outfits and sell them for commissions. Influencers add purchase buttons that link to the respective brand sites, and when a visitor buys an outfit through such a link, the influencer earns a commission.
vpnMentor, a cybersecurity firm, has reported that 21 Buttons’ app, which is hosted on a misconfigured AWS bucket, has been leaking data for over a month. They discovered this on 2nd November 2020 and reported it to 21 Buttons immediately, only to receive a reply on 22nd December.
While it’s unknown whether the issue has been rectified yet, researchers said the exposed data contained over 50 million files, which include users’ full names, addresses, photos, videos, and financial information like bank account numbers and PayPal email addresses.
There are also over 400 invoices revealing how much commission was paid out by brands to influencers. These receipts belong to several influencers including Carlota Weber Mazuecos, Freddy Cousin Brown, Danielle Metz, Irsa Saleem, and Marion Caravano.
Researchers warned of the potential cyber threats that could result from this data exposure, such as phishing emails and identity theft.
It’s also unknown whether anyone accessed the data while it was left exposed. If it was accessed, unwanted events like those above can happen, as the researchers suggested. Server owners are therefore advised to secure their private databases to avoid attacks against their customers.