Millions of Brazilians exposed in Wi-Fi management software firm leak | ZDNet
A Brazilian Wi-Fi management software firm exposed data of various high profile companies and millions of their customers, it has emerged today.
The data was leaked by WSpot, a software firm providing software that enables businesses to control and secure their on-premise Wi-Fi networks and allow password-free online access to their customers.
The leak was discovered by security research firm SafetyDetectives. The researchers found WSpot’s misconfigured Amazon Web Services (AWS) S3 bucket, which was left open and exposed 10GB worth of data to the public. After discovering the sensitive data on September 2, the researchers contacted the software firm on September 7 and WSpot secured the breach the following day.
Some 226,000 files were exposed in the leak, the researchers noted, including details of approximately 2.5 million individuals who connected to the public Wi-Fi networks provided by WSpot clients. The company’s client portfolio includes major firms such as Pizza Hut, as well as financial services provider Sicredi and healthcare firm Unimed.
According to SafetyDetectives, the set of information exposed included details supplied by individuals in order to access the Wi-Fi service provided by the companies, including full name, email address, full address and taxpayer registration numbers, alongside the login credentials created in the registration process.
Contacted by ZDNet, WSpot confirmed the leak, adding the issue was caused by a “lack of standardization in the management of information [stored] in a specific folder”. The Brazilian company reiterated that it has been working to address the issue since it was contacted about it until the conclusion of technical procedures on November 18.
The company stated that its servers remain intact and were not invaded by malicious actors, and that there is no evidence that the exposed data has been accessed by cybercriminals. However, the software firm also stated that it has hired a security company to fully investigate any repercussions in relation to the data leaked in the incident.
Moreover, WSpot said the issue impacted 5% of its total customer base, and none of its clients had business and/or sensitive information compromised. Additionally, it reiterated that it does not capture financial information such as credit card details, or access credentials to other services. It is unclear whether the company will inform the individuals exposed about the incident.
According to a company spokesperson, the National Data Protection Authority has not yet been contacted about the incident, however “all legal issues surrounding the case are being addressed by WSpot as thoroughly as possible, especially in order to ascertain the next steps” in relation to the incident.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.