InfoSecBulletin Cybersecurity for mankind
A Google Cloud Storage bucket linked to Alice’s Table, a Shark Tank contestant offering virtual floral arrangement classes, has leaked personal data of over 83,000 customers. Cybernews and Cyble researchers found a misconfigured cloud bucket while investigating.
Researchers found that the Google bucket belonged to Alice’s Table, a company founded by Alice Lewis in 2015 and now part of the 1-800-Flowers family of brands.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Alice’s Table received a $250,000 investment in 2017 after successfully pitching on ABC’s Shark Tank during Season 9. Mark Cuban and Sara Blakely were the investors.
In addition to floral arrangements, the platform’s “curated live streaming experiences” also include culinary and cocktail workshops. The Google cloud bucket leaked many files with personal information, like emails and home addresses, of clients in the US.
Cybernews has contacted the United States Computer Emergency Readiness Team (US-CERT) regarding the incident and the ticket has been closed on their end.
Neither Alice’s Table nor 1-800-Flowers have responded to Cybernews’ request for comment at the time of publishing.
What data was exposed?
37,349 files were found in the leaking Google Cloud bucket, including 10,183 XLSX and CSV files containing PII. The exposed data included:
Full names
Email addresses
Home addresses
Order details
The leak primarily consisted of personal email addresses, but a “significant portion” were professional email accounts, according to Cybernews researchers. These accounts were connected to companies such as BCG, Pfizer, PwC, Charles Schwab, and government employees.
Business emails are usually seen as semi-confidential and may not have highly classified or private information, but they could still be used to access sensitive information or carry out targeted attacks.
“If business email addresses are leaked, it can lead to various risks such as phishing attacks, spamming, identity theft, and unauthorized access to confidential information,” Cybernews researchers said.
Bad actors could also exploit victims’ personal data for online searches that could further their financial and personal agendas, a tactic commonly referred to as “doxxing.”
The leak of home addresses adds another dimension to the security concerns, exposing victims to potential physical incursions.
Source: Cybernews, Cyble
