Weight Watchers Swears No Customer Data Exposed After Dozens of Servers Found Publicly Accessible
6/11/2018
https://ift.tt/2y246Sw
https://ift.tt/2JrKgW0

Dozens of servers containing Weight Watchers' data were left exposed after the company failed to password protect software used for managing application containers, according to German cybersecurity firm Kromtech. An Amazon cloud infrastructure used by Weight Watchers was left vulnerable—46 Amazon S3 buckets in total—including logs, passwords, and private encryption keys, Kromtech found.

Weight Watchers denies that any of the data left publicly accessible was sensitive; the Amazon account linked to the exposure was a “testing environment used only to test new services and features,” Weight Watchers said in an email to Gizmodo. Bleeping Computer first reported the incident on Monday, but said that Weight Watchers had not responded to a request for comment.

“To be able to test innovate securely, we keep test environments completely separate from production environments,” the company told Gizmodo.

Weight Watchers added that its internal team and a third-party forensics company investigated the incident and that “each has independently confirmed that there was no indication that any personally identifiable information was exposed,” a spokesperson said.

A Kromtech spokesperson, however, said the researchers remain skeptical. “We absolutely think it was a production account,” said the firm, which unearthed more than 560 million passwords in an unrelated data breach last year.

The exposure was the result of a misconfigured Kubernetes instance, Kromtech said. Kubernetes is a tool developed by Google for managing large numbers of applications. Notably, a Kubernetes instance on Tesla’s cloud infrastructure was hacked earlier this year, and then used by the perpetrators to mine cryptocurrency.
Kromtech did not attempt to access any of the data for legal reasons, and thus was unable to confirm whether any of it was sensitive. The firm said in its report:
“We responded immediately to resolve the issue and have implemented safeguards to prevent it from recurring,” Weight Watchers said. “We appreciate the efforts the security community makes to responsibly disclose concerns to improve the state of security on the Internet.”

Digital Trends via Gizmodo http://gizmodo.com June 11, 2018 at 09:54AM