A healthy body will not protect you from hackers online
On Sunday, May 2, BGR reported on a healthy-recipes website called ‘Paleohacks.’ According to security researchers from VPNMentor, the site has been leaking user data since 2015, up until today. Surprisingly, the site has not yet released any statement about the incident. Here’s how bad the problem is.
Be careful when using this site!
If you’re using the Los Angeles-based website Paleohacks for your healthy meals, you might want to change your account passwords now. Security site VPNMentor.com released its research on the recipe site on April 29.
Led by the team’s Noam Rotem, the research claims that over 70,000 users of the site may be victims of a massive data breach in its system. What’s worse, the site’s user data from 2015 until 2020 were all part of the alleged data leak, and the health site seemed unaware of the situation.
How they found it
According to VPNMentor, Paleohacks was using an Amazon Web Services S3 bucket to store its user data. Though AWS is a secure way for sites to store data, it requires clients to set up data privacy protocols manually when creating the S3 bucket. Apparently, Paleohacks failed to do this.
“By combining a customer’s PII data with records of their purchases and orders on the Paleohacks website, a criminal enterprise could create highly effective phishing emails posing as the company and trick customers into providing additional data and credit card details. They could also be enticed into clicking a link embedded with malware, spyware, or another form of malicious software,” VPNMentor explained in detail.
All customer data, including email addresses, IP addresses, birth dates, bios, and other necessary data the site was storing, were allegedly available for hackers to fetch online. VPNMentor even proved their point by saying at the end of their article: “Our team was able to access Paleohacks’ S3 bucket because it was completely unsecured and unencrypted.”
“We may use your personal information, transfer your personal information, and/or sell your personal information for any legal purpose, including, without limitation: (1) to deliver the products and/or services to you that you have requested; (2) to validate your compliance with the terms and conditions; (3) for content improvement and feedback purposes; (4) to reach you, when necessary, regarding your use of the web site or product(s); and (5) to bring retail opportunities and promotional offers to you by email, direct mail, telemarketing, and/or online banner advertising,” reads an excerpt from the site.
What to do in a data breach
When facing a data breach, stay calm and immediately change all passwords, or better yet, the email addresses themselves. This way, hackers will not be able to use the breach to gain access to your account.