Sennheiser, the famous audio gadget maker, had left one of its Amazon S3 buckets open, exposing sensitive data of over 28,000 customers.
Though this was secured after being informed, the exposure could be leveraged for various malicious activities if found by the threat actor before. Thus, customers of Sennheiser from North America and Europe are advised to be cautious, who submitted any details to the company in the past.
Exposing Customers PII
Companies exposing their customers’ data due to improper storage configurations have become normal lately. The latest one joining this pack is the popular German audio gadget maker – Sennheiser.
Being in business since 1945, Sennheiser is still a privately owned business maintained by the founder’s family. It produces audio equipment like headphones, microphones, sound recorders, and aviation headsets for individuals and businesses.
In late October this year, the vpnmentor researchers found an exposed Amazon S3 bucket belonging to Sennheiser, containing sensitive data of thousands of customers. The data collected isn’t known but could be submitted by customers asking Sennheiser for product samples.
One of the most popular audio companies on the planet exposed 10,000s of customers and suppliers to fraud in a massive data breach. Find out how it happened and how we discovered the breach. https://t.co/KGN8vYrWnE
— vpnMentor (@vpnmentor) December 16, 2021
Thus, the contents of exposed information include;
- Full names
- Email addresses
- Phone numbers
- Home addresses, and
- Names of companies requesting samples of over 28,000 customers from 2015-2018.
This was soon informed to Sennheiser, and the company responded by securing the servers within a week. However, while it’s secured now, it’s unknown whether anyone has accessed the exposed bucket before researchers, putting the concerned customers at risk.
With the above details being leaked, customers can be subjected to identity theft, tax fraud, insurance fraud, mail fraud, bank account takeover, debit or credit card fraud, or mortgage fraud or data storage format, said, researchers.
While Sennheiser hasn’t come up with an announcement yet, it’s the customers’ job to safeguard themselves from any potential cyberattacks. It was found that most impacted customers are from North America and Europe, so should watch out for any hacks carefully.