https://techcrunch.com/2019/07/25/formget-security-lapse-exposed-documents/
By Zack Whittaker
TechCrunch
July 25, 2019
If you’ve used FormGet in the past few years, there’s a good chance we know
about it.
FormGet bills itself as an online form maker and email marketing company based
in Bhopal, India. The company allows its 43,000 customers to create online
forms so others can submit their resumes or apply for a job, or provide proof
of address or employment, buy goods online and more.
How do we know? Because the company left one of its cloud storage servers
online and exposed without a password.
An anonymous security researcher found FormGet’s exposed Amazon S3 storage
bucket and informed TechCrunch in the hope of getting the data secured. FormGet
pulled the bucket offline overnight after we reached out to the company on
Wednesday. But the company’s founder and chief executive Neeraj Agarwal did not
respond to several emails and follow-ups requesting comment.
The storage bucket was packed with hundreds of thousands of files and
documents. The storage bucket had a folder for each year dating back to 2013
and contained sub-folders for each month, filled with user-uploaded documents.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
