The Target: Sennheiser, an audio equipment manufacturer.
The Take: Exposure of Personally Identifiable Information of 28,000 customers including: full names, email address, phone numbers, names of client companies and their employees.
The Vector: An unsecured public facing Amazon S3 storage server was left open on the internet, meaning anyone who navigated to the address would able to view the information in full.
It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security.