WSpot, a WiFi management software, has exposed 10GB of identifiable data belonging to its clients and their customers.
This was spotted by SafetyDetectives, who saw an exposed Amazon S3 bucket of WSpot and informed it for securing. After doing so, WSpot assured that no financial data is involved and is investigating the matter further for learning any mishaps.
WSpot Exposing Customer Data
An improper configuration of cloud servers can always be a pain. Unfortunately, we’ve seen hundreds of such instances in the past, exposing the sensitive data of thousands of millions of users. And now, WSpot joins the list with its own share.
SafetyDetectives researchers reported that their team found an exposed Amazon S3 bucket belonging to WSpot on September 3rd, which was leaking over 10GB worth of data. They informed to WSpot on September 7th and had this exposed server secured on the very next day.
It’s unknown how long the cloud server was left exposed but spotted containing about 226,000 files, leaking identifiable information of more than 2.5 million users. WSpot is a WiFi management software used by businesses to secure their in-house internet hotspot connections and let their customers access the network easily without a password.
Some of its clients include Unimed – a healthcare firm; Sicredi – financial services firm. And Pizza Hut. The details leaked in this incident include full name, email address, full address, and taxpayer registration numbers, along with the login credentials created by the customers of WSpot’s clients at the time of the registration process.
Soon after securing, WSpot said it assigned an external security firm for investigating the incident. While it’s exploring, it assured that their servers are intact and were not subject to any cyberattacks. Future, no financial information was involved since it doesn’t collect anything like that.