InfoSecBulletin Cybersecurity for mankind
A Google Cloud Storage bucket linked to Alice’s Table, a Shark Tank contestant offering virtual floral arrangement classes, has leaked personal data of over 83,000 customers. Cybernews and Cyble researchers found a misconfigured cloud bucket while investigating.
Researchers found that the Google bucket belonged to Alice’s Table, a company founded by Alice Lewis in 2015 and now part of the 1-800-Flowers family of brands.
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
CISA, FBI Warns
Hacker compromised multiple teleco network at US
Alice’s Table received a $250,000 investment in 2017 after successfully pitching on ABC’s Shark Tank during Season 9. Mark Cuban and Sara Blakely were the investors.
In addition to floral arrangements, the platform’s “curated live streaming experiences” also include culinary and cocktail workshops. The Google cloud bucket leaked many files with personal information, like emails and home addresses, of clients in the US.
Cybernews has contacted the United States Computer Emergency Readiness Team (US-CERT) regarding the incident and the ticket has been closed on their end.
Neither Alice’s Table nor 1-800-Flowers have responded to Cybernews’ request for comment at the time of publishing.
What data was exposed?
37,349 files were found in the leaking Google Cloud bucket, including 10,183 XLSX and CSV files containing PII. The exposed data included:
Full names
Email addresses
Home addresses
Order details
The leak primarily consisted of personal email addresses, but a “significant portion” were professional email accounts, according to Cybernews researchers. These accounts were connected to companies such as BCG, Pfizer, PwC, Charles Schwab, and government employees.
Business emails are usually seen as semi-confidential and may not have highly classified or private information, but they could still be used to access sensitive information or carry out targeted attacks.
“If business email addresses are leaked, it can lead to various risks such as phishing attacks, spamming, identity theft, and unauthorized access to confidential information,” Cybernews researchers said.
Bad actors could also exploit victims’ personal data for online searches that could further their financial and personal agendas, a tactic commonly referred to as “doxxing.”
The leak of home addresses adds another dimension to the security concerns, exposing victims to potential physical incursions.
Source: Cybernews, Cyble
