Breastcancer.org’s misconfigured bucket has exposed hundreds of thousands of files containing sensitive images belonging to the website’s users.
The exposed information included over 350,000 files, totaling around 150 GB of data containing over 50,000 User avatars and over 300,000 Post pictures.
It also contained EXIF data containing Device details, i.e. brand and model of the camera used and GPS location of the captured image.
Source: https://www.safetydetectives.com/news/breastcancer-leak-report/
TPRM report: https://scoringcyber.rankiteo.com/company/breastcancer.org
"id": "bre234317822",
"linkid": "breastcancer.org",
"type": "Breach",
"date": "05/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Healthcare',
'name': 'Breastcancer.org',
'type': 'Organization'}],
'attack_vector': 'Misconfigured Bucket',
'data_breach': {'file_types_exposed': ['Images'],
'number_of_records_exposed': ['50,000 User avatars',
'300,000 Post pictures'],
'personally_identifiable_information': ['Device details',
'GPS location'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Images', 'EXIF Data']},
'description': 'Breastcancer.org’s misconfigured bucket has exposed hundreds '
'of thousands of files containing sensitive images belonging '
'to the website’s users.',
'impact': {'data_compromised': ['User avatars', 'Post pictures', 'EXIF data']},
'title': 'Breastcancer.org Data Exposure',
'type': 'Data Exposure',
'vulnerability_exploited': 'Misconfiguration'}