The Target: Doctors Me, a private self-assessment health service company located in Japan.
The Take: Exposure of 300,000 records of nearly 12,000 customers. The exposed information was a collection of symptom photos, in many cases, exposing the customer’s faces.
The Vector: A misconfigured Amazon S3 storage server was left open online, meaning anyone with internet access could have viewed and downloaded the data.
While the photos were uploaded anonymously, attackers can cross reference these pictures with other social media sties and craft extremely effective spear-phishing campaigns, as well engage in fraud and blackmail. This breach is another critical reminder of the importance of airtight credential management at all points of access for firms. Ensuring two-factor and comprehensive user authentication is paramount for a robust cybersecurity posture.