Security researchers have discovered a leaky database exposing the personal information of thousands of Sennheiser customers online.
According to vpnMentor’s latest data breach report, the information of 28,000 customers of the Germany-based professional audio solutions manufacturer was discovered in an unprotected Amazon Web Services (AWS) S3 bucket.
The unsecured server, discovered on Oct. 26, contained over 55 GB of data belonging to customers and businesses requesting samples of Sennheiser audio products between 2015 and 2018, including:
- Full names
- Email addresses
- Phone numbers
- Home addresses
- Names of companies requesting samples alongside their number of employees
“The S3 bucket also contained a 4 GB database backup, but this was protected, and for ethical reasons, we didn’t try to gain access,” the researchers said. “While the data breach affected Sennheiser’s customers and suppliers across the globe, the majority of people affected were based in North America and Europe.”
No data is old data
While the exposed data may be old, the chances of customers still using the same email address, phone number and home address are high.
This gives any malicious actors who might have accessed the database plenty of opportunities to conduct targeted phishing attacks against victims.
“If the data was collected using a ‘request a sample’ type form, cybercriminals could use the details to create incredibly convincing phishing emails posing as Sennheiser and trick previous customers into providing additional personal information or clicking a malicious link,” the researcher warned. “Furthermore, due to the number of people exposed in this data breach, cybercriminals would only need to successfully scam a small fraction for any criminal scheme to be considered successful.”
Sennheiser secured the leaky server on Nov. 1, and there has been no evidence of misuse of customer information so far. However, since access by malicious third parties cannot be ruled out, users are advised to be wary of any unsolicited emails and brush up on good cyber practices.