The data includes full name, addresses, and taxpayer registration numbers
A Brazilian Wi-Fi management software firm exposed data of various high profile companies and millions of their customers. The data was leaked by WSpot, which provides software that enables businesses to secure their on-premise Wi-Fi networks and allow password-free online access to their customers.
The security research firm SafetyDetectives discovered the data leak. The researchers spotted WSpot’s misconfigured Amazon Web Services (AWS) S3 bucket, that was left open and exposed 10GB worth of data to the public.
After discovering the sensitive data on September 2, the researchers contacted the software firm and the company secured the breach immediately.
Around 226,000 files were exposed in the leak and the leaked data include personal information from approximately 2.5 million individuals who connected to the public Wi-Fi networks provided by WSpot clients.
The company’s client portfolio includes Pizza Hut, financial services provider Sicredi, and healthcare firm Unimed.
According to SafetyDetectives, the set of information exposed included details supplied by individuals in order to access the Wi-Fi service provided by the companies. This includes full name, email address, full address, and taxpayer registration numbers — in addition to the login credentials created in the registration process.
WSpot confirmed the leak and stated that the issue was caused by a lack of standardization in the management of information in a specific folder.
The Brazilian company said that they have worked to address the issue since it was contacted about it until the conclusion of technical procedures on November 18.
WSpot states that its servers remain intact and were not invaded by malicious actors and also assured that there is no evidence that the exposed data has been accessed by cybercriminals.
The software firm has also hired a security company to fully investigate any consequences in relation to the data leaked in the incident.
It is not sure whether the company will inform the individuals exposed about the incident.