United Arab Emirates-based global fashion and retail conglomerate Apparel Group — which distributes over 80 brands, including Adidas, Asics, Calvin Klein, and Levi's — had almost 2.4 million files exposed as a result of a misconfigured AWS bucket, reports Cybernews.
Most of the inadvertently leaked files were shipping labels that included customers' full names, home addresses, phone numbers, and order information, which could be exploited by malicious actors in phishing and social engineering intrusions that could lead to malware compromise, according to Cybernews researchers, who discovered the unprotected bucket in October.
"Messages that reference products or services related to the leaked order information can entice victims to click on malicious links or harmful attachments. Unsuspecting victims could be guided to install stealer malware, leading to even further data loss," said researchers.
Organizations have been urged to better protect AWS buckets by implementing more robust access controls, tracking access logs, and leveraging AWS Key Management Service, on top of other security best practices.
