Cybernews reports that Lifeprint, which manufactures instant mobile photo printers, has inadvertently leaked more than 8 million files due to a bucket misconfiguration.Among the data exposed by the public cloud bucket were over 100,000 iPhone and Android users' usernames, email addresses, and printing statistics, as well as 2 million photos and exported user details, according to Cybernews researchers. Several Lifeprint printer firmware versions and a private encryption key were also included in the data trove, which could be exploited by threat actors to develop illicit firmware to take over the mobile printers. Despite being notified in late July, Lifeprint parent C+A Global has yet to address the security issue."This leak shows multiple deviations from best practices, such as not properly segregating user data, publishing cryptographic keys together with the firmware, not employing proper access controls to ensure that only the intended users would be able to access their files and data," said researchers.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds