Ateam Inc., a developer of content for smartphones, disclosed that 935,779 personal data records stored in their cloud service were accessible over the Internet.
The company stated that they use the cloud service ‘Google Drive’ across their group. However, they discovered permission-setting errors in 1,369 files containing personal information.
The issue was identified on November 21st during the evaluation of a security product being considered for implementation within the company group. They made the situation public on December 7th while investigating the details.
“Information pertaining to business partners, customers, and employees such as device identification numbers, customer management numbers, e-mail addresses, names were included within the viewable records. Sensitive personal information or personal data that may cause property damage were not included in the data,” reads the report.
These files, shared by five companies within the group between March 2017 and November 22, 2023, had been set to allow viewing by anyone who had the link. This meant that the files could be accessed by anyone who could determine the specific URL.
The personal information contained in these files, excluding duplicates, amounted to 937,779 records. Of these, 925,728 records were personal information of customers who had used services or apps operated by the company group.
The types of information varied depending on the file but included names, addresses, phone numbers, email addresses, customer management numbers, and device identification numbers.
Source: Original Post