Seeing a timeline of people merrily uploading their photos to Popsugar’s #Twinning app yesterday prompted me to go full Scrooge:
So we're giving Popsugar a nice big facial recognition database? Is that what we're all doing now?
— Dave Lee (@DaveLeeBBC) December 31, 2018
But then, TechCrunch did some real digging into the site’s code, and found:
All of the uploaded photos are stored in a storage bucket hosted on Amazon Web Services. We know because the web address of the bucket is in the code on the Twinning tool’s website. Open that in your web browser, and we saw a real-time stream of uploaded photos.
The hole does appear to be fixed. No real harm done, I suppose – those pictures are being uploaded by people presumably with the very intention of sharing them on social media, so it’s hardly data breach of the year (there’s still time for one more whopper, as I write this).
I must ask, though: how often will we continue to see major data breaches occurring thanks to misconfigured AWS buckets/open AWS database information? Uber, GoDaddy, Verizon, Accenture, the NSA … and many more … all due to mismanaged AWS accounts.
Dear companies that hold our data: In 2019, do better.
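For teams that want to check their own buckets for this class of mistake, here is an added example (not from TechCrunch or Popsugar) that flags anonymous list or read access in a bucket policy and ACL. The article does not say how the Twinning bucket was exposed, so the sample policy, bucket name and ACL are constructed; the input shapes follow S3's bucket policy JSON and ACL grant list.

```python
import fnmatch

ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
WATCHED = ("s3:ListBucket", "s3:GetObject")  # list the bucket / fetch objects

# Constructed sample input: a policy and ACL that expose a hypothetical bucket.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-uploads/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:List*"],
     "Resource": "arn:aws:s3:::example-uploads"},
]}
SAMPLE_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS_URI},
               "Permission": "READ"}]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean anyone, including unauthenticated callers.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_exposure(policy, acl_grants):
    """Return sorted findings for anonymous list/read access.

    Simplification: Deny statements, NotPrincipal/NotAction and the account's
    Block Public Access settings are not evaluated here.
    """
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # A Condition (source IP, VPC endpoint) may narrow access: review by hand.
        suffix = " (conditional)" if stmt.get("Condition") else ""
        for pattern in _as_list(stmt.get("Action", [])):
            for action in WATCHED:
                # IAM action names are case-insensitive and allow * wildcards.
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings.add(f"policy:{action}{suffix}")
    for grant in acl_grants:
        if (grant["Grantee"].get("URI") == ALL_USERS_URI
                and grant["Permission"] in ("READ", "FULL_CONTROL")):
            findings.add("acl:AllUsers can list bucket")
    return sorted(findings)
```

An empty result means neither document grants anonymous list or read access by itself.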