SoylentNews

upstart writes in with an IRC submission:

Online marketing company exposes 38+ million US citizen records:

The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US user records, including their full names, email and street addresses, phone numbers and ZIP codes.

The database was left on a publicly accessible Amazon Web Services (AWS) server, allowing anyone to access and download the data. Following the 350 million email leak covered by CyberNews earlier in August, this is the second time this summer we encountered an unsecured Amazon bucket containing such massive amounts of user data.

On July 29, the exposed View Media bucket was closed by Amazon and is no longer accessible.

[...] The unsecured Amazon S3 bucket appears to belong to View Media, an online marketing company that specializes in email marketing, display advertising, design, hosting, direct mails, date sales, and other digital marketing services. The company offers targeted marketing services to American publishing brands like Tribune Media and Times Media Group.

Apart from millions of user records, the bucket also contains thousands of marketing newsletters, promotional flyer designs, banner ads, and statement of work documents created by View Media for its clients.

[...] Because we were initially unable to identify the owner of the unsecured bucket, we contacted Amazon on July 27 to help them secure the database. They were able to close the bucket on July 29.

We then reached out to one of the marketing company's clients mentioned in the statement of work documents that were stored on the bucket, who helped us identify View Media as the owner of the database on August 21. On August 24, we contacted View Media for an official comment regarding the leak. However, we received no response from the company.

Original Submission