Two major PDF creator programs, both owned by the same company, are believed to have used a misconfigured database, resulting in sensitive user data leaking to the Internet via an exposed Amazon S3 bucket.
Researchers from Cyber News claim that PDF Pro and Help PDF have leaked over 89,000 documents so far, and apparently are still doing so. The tools are owned by the same legal entity, registered in the UK, and share a similar design and a similar set of services: PDF conversion, compression, editing, and document signing.
Meanwhile, users continue to upload confidential files such as passports, driver’s licenses, various certificates, contracts and other documents and information, without realizing that anyone who knows where to look can view them.
Unprotected databases
“With access to personal documents, criminals can engage in various fraudulent activities, such as applying for loans, renting property, or purchasing expensive items using the victim’s identity,” the researchers said.
At the same time, the company leaking the information can face heavy fines if the documents belong to European Union (EU) citizens, since such data falls under the strict GDPR rules.
The company is keeping quiet at the moment, but it’s safe to assume that the Amazon S3 bucket will be locked down soon (if it hasn’t already been, as you read this).
Unprotected databases remain one of the biggest causes of information leaks and data breaches. Many companies, including large enterprises and even government organizations, have so far managed to leak millions of data records, with employees mistakenly keeping an archive on the internet with no protection whatsoever.
Online services, and especially free ones, are not exactly known for their good data protection practices. Therefore, it is advisable to be extra careful in any case.