The fashion social network of 21 buttons exposes user data via unprotected cloud storage

21 Button La Plataforma APP SL, a Spanish technology startup that offers a fashion social network and clothing store, suffered data breaches due to the records of its users who were discovered online.

The data, discovered and published today by researchers led by Noam Rotem in vpnMentor, was found in an unsecured cloud storage basket at Amazon Web Services Inc. S3. It included 50 million data, including posts and profiles on social media, accounts, full names, addresses, zip codes, bank details, state ID numbers, PayPal email addresses and in some cases the value of the commission for sales earned through the app.

Details of payments to hundreds of influencers across Europe were found in the data, including Carlotta Weber Mazeucos, Freddy Cousin Brown, Marion Caravano, Irsu Saleem and Danielle Metz.

Although the service and “influencers” would be unknown to many, the company is financed with venture capital. According to Crunchbase, 21 Button raised $ 30.7 million in venture capital from investors, including 360 Capital Partners, Sabadell Venture Capital, Kibo Ventures, Breega, Idinvest Partners, JME Ventures, Samaipata and Sputnik Capital.

VpnMentor discovered the data breach on November 2 and notified 21 buttons three times about its exposed data, on November 5, December 12 and 8, without an initial response. The researchers also contacted AWS on November 10 and December 8 about the data on display. The first response was on December 22, and the message said only that the violation notice had been forwarded to the “correspondent department.”

As with all data disclosures of this type, the risk of personally identifiable data disclosure is a gold mine for cyber criminals who can use the data for identity theft, identity theft and other subordinate purposes. The fact that it included so-called “influencers”, a kind of celebrity, adds another dimension to the undoubtedly poor security set by a company that needed to know better.

“Most influential people on social media try to keep their identity information secret and completely hidden,” the researchers noted. “However, by displaying their contact information, home addresses and national ID numbers, the 21 button threatens the privacy of all those affected.”

As the company is based in Spain, it is also bound by the General Data Privacy Regulation of the European Union. The fact that she was informed of the data exposure for more than six weeks and did not act on that information could result in a fine or trial before the law.

Image: 21 buttons

Ever since you’ve been here …

Show your support for our mission by subscribing to our YouTube channel with one click (below). The more subscribers we have, the more YouTube will suggest relevant emerging corporate and technology content. Thanks!

Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.

… We would also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc. business model it is based on the intrinsic value of the content, not the advertising. Unlike many online publications, we do not have a pay wall or run banner advertising because we want our journalism to remain open, without influence or the need to prosecute traffic.Journalism, reporting and commentary on SiliconANGLE, along with a video from our Silicon Valley studio and globalization video teams in theCUBE – It takes a lot of effort, time and money. Maintaining high quality requires the support of sponsors who are in line with our vision of ad-free journalistic content.

If you like reporting, video interviews, and other ad-free content here, take a moment to look at a sample of video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.