InfoSecBulletin Cybersecurity for mankind
A Google Cloud Storage bucket linked to Alice’s Table, a Shark Tank contestant offering virtual floral arrangement classes, has leaked personal data of over 83,000 customers. Cybernews and Cyble researchers found a misconfigured cloud bucket while investigating.
Researchers found that the Google bucket belonged to Alice’s Table, a company founded by Alice Lewis in 2015 and now part of the 1-800-Flowers family of brands.
Ransomware hit Bangladeshi Globe Pharmaceuticals Ltd
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
Alice’s Table received a $250,000 investment in 2017 after successfully pitching on ABC’s Shark Tank during Season 9. Mark Cuban and Sara Blakely were the investors.
In addition to floral arrangements, the platform’s “curated live streaming experiences” also include culinary and cocktail workshops. The Google cloud bucket leaked many files with personal information, like emails and home addresses, of clients in the US.
Cybernews has contacted the United States Computer Emergency Readiness Team (US-CERT) regarding the incident and the ticket has been closed on their end.
Neither Alice’s Table nor 1-800-Flowers have responded to Cybernews’ request for comment at the time of publishing.
What data was exposed?
37,349 files were found in the leaking Google Cloud bucket, including 10,183 XLSX and CSV files containing PII. The exposed data included:
Full names
Email addresses
Home addresses
Order details
The leak primarily consisted of personal email addresses, but a “significant portion” were professional email accounts, according to Cybernews researchers. These accounts were connected to companies such as BCG, Pfizer, PwC, Charles Schwab, and government employees.
Business emails are usually seen as semi-confidential and may not have highly classified or private information, but they could still be used to access sensitive information or carry out targeted attacks.
“If business email addresses are leaked, it can lead to various risks such as phishing attacks, spamming, identity theft, and unauthorized access to confidential information,” Cybernews researchers said.
Bad actors could also exploit victims’ personal data for online searches that could further their financial and personal agendas, a tactic commonly referred to as “doxxing.”
The leak of home addresses adds another dimension to the security concerns, exposing victims to potential physical incursions.
Source: Cybernews, Cyble
