• Two top PDF tools have been found leaking user documents and data

    From TechnologyDaily@1337:1/100 to All on Fri Jul 12 14:15:05 2024
    Two top PDF tools have been found leaking user documents and data online

    Date:
    Fri, 12 Jul 2024 14:10:22 +0000

    Description:
    An Amazon S3 bucket was kept unlocked and available for anyone who knew where to look.

    FULL STORY ======================================================================

    Two top PDF maker tools, both owned by the same company, reportedly operated
    a misconfigured database leaking sensitive user data to the wider internet
    via an exposed Amazon S3 bucket.

    Researchers from Cybernews claim PDF Pro and Help PDF have so far leaked more than 89,000 documents, and apparently continue to do so. The tools are owned by the same legal entity, registered in the UK and have a similar design, as both offer similar services - PDF conversion, compression, editing, and document signing.

    In the meantime, users keep uploading sensitive files, including passports, driving licenses, different certificates, contracts, as well as other documents and information, oblivious to the fact these are now up for grabs
    to anyone who knows where to look. Unprotected databases

    With access to personal documents, criminals can engage in various fraudulent activities such as applying for loans, renting properties, or purchasing expensive items using the victim's identity, the researchers said.

    At the same time, the company leaking the information could be facing major fines, if some of the documents belong to the citizens of the European Union (EU) since, in that case, they fall under strict GDPR rules.

    The company is currently keeping quiet, but its safe to assume that the
    Amazon S3 bucket will be locked down soon enough (if it wasnt already, as youre reading this).

    Unprotected databases continue to be one of the biggest causes of information spills and data breaches. Many companies, including large enterprises and
    even government organizations, have so far managed to leak millions of data records, with employees erroneously keeping an archive on the internet and without any protections.

    Online services, especially free ones, arent exactly famous for their data protection practices, so being extra careful is advised in any case. More
    from TechRadar Pro Top global network service provider apparently leaks hundreds of millions of user accounts Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/two-top-pdf-tools-have-been-found-leaki ng-user-documents-and-data-online


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)