Security researchers at UpGuard found the misconfigured Amazon S3 bucket which contained full name, gender, geographic location (address) and buying behavior of more than 120 million Americans. It was found that the database belonged to a market analysis company Tetrad.
The exposed Amazon S3 bucket also included: data extracted from Chipotle employees’ mobile phone for tracking, a spreadsheet containing home addresses of 700K Kate Spade customers and 3.5 million loyalty card accounts for beverage retailer Bevmo, including physical address tied to each account.
After founding the misconfigured database, the security company UpGuard concluded, “Digital technology does not just enable the accumulation of behavioral data; it also makes possible the unintentional exposure of that data en masse. In this case, multiple data sources, from other companies’ data products like Experian Mosaic to retailers’ customer loyalty programs, were combined in one storage bucket that was misconfigured for public access.”