InfoSecBulletin Cybersecurity for mankind
A Google Cloud Storage bucket linked to Alice’s Table, a Shark Tank contestant offering virtual floral arrangement classes, has leaked personal data of over 83,000 customers. Cybernews and Cyble researchers found a misconfigured cloud bucket while investigating.
Researchers found that the Google bucket belonged to Alice’s Table, a company founded by Alice Lewis in 2015 and now part of the 1-800-Flowers family of brands.
Check Point said BreachForum post old data
Apple Warns of 3 Zero Day Vulns Actively Exploited
24,000 unique IP attempted to access Palo Alto GlobalProtect portals
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
Alice’s Table received a $250,000 investment in 2017 after successfully pitching on ABC’s Shark Tank during Season 9. Mark Cuban and Sara Blakely were the investors.
In addition to floral arrangements, the platform’s “curated live streaming experiences” also include culinary and cocktail workshops. The Google cloud bucket leaked many files with personal information, like emails and home addresses, of clients in the US.
Cybernews has contacted the United States Computer Emergency Readiness Team (US-CERT) regarding the incident and the ticket has been closed on their end.
Neither Alice’s Table nor 1-800-Flowers have responded to Cybernews’ request for comment at the time of publishing.
What data was exposed?
37,349 files were found in the leaking Google Cloud bucket, including 10,183 XLSX and CSV files containing PII. The exposed data included:
Full names
Email addresses
Home addresses
Order details
The leak primarily consisted of personal email addresses, but a “significant portion” were professional email accounts, according to Cybernews researchers. These accounts were connected to companies such as BCG, Pfizer, PwC, Charles Schwab, and government employees.
Business emails are usually seen as semi-confidential and may not have highly classified or private information, but they could still be used to access sensitive information or carry out targeted attacks.
“If business email addresses are leaked, it can lead to various risks such as phishing attacks, spamming, identity theft, and unauthorized access to confidential information,” Cybernews researchers said.
Bad actors could also exploit victims’ personal data for online searches that could further their financial and personal agendas, a tactic commonly referred to as “doxxing.”
The leak of home addresses adds another dimension to the security concerns, exposing victims to potential physical incursions.
Source: Cybernews, Cyble
