Archives

web services

Google Cloud opens its Seoul region

Google Cloud today announced that its new Seoul region, its first in Korea, is now open for business. The region, which it first talked about last April, will feature three availability zones and support for virtually all of Google Cloud’s standard service, ranging from Compute Engine to BigQuery, Bigtable and Cloud Spanner.

With this, Google Cloud now has a presence in 16 countries and offers 21 regions with a total of 64 zones. The Seoul region (with the memorable name of asia-northeast3) will complement Google’s other regions in the area, including two in Japan, as well as regions in Hong Kong and Taiwan, but the obvious focus here is on serving Korean companies with low-latency access to its cloud services.

“As South Korea’s largest gaming company, we’re partnering with Google Cloud for game development, infrastructure management, and to infuse our operations with business intelligence,” said Chang-Whan Sul, the CTO of Netmarble. “Google Cloud’s region in Seoul reinforces its commitment to the region and we welcome the opportunities this initiative offers our business.”

Over the course of this year, Google Cloud also plans to open more zones and regions in Salt Lake City, Las Vegas and Jakarta, Indonesia.

PhotoSquared app exposed customer photos and shipping labels

Popular photo printing app PhotoSquared has exposed thousands of customer photos, addresses, and orders details.

At least ten thousand shipping labels were stored in a public Amazon Web Services (AWS) storage bucket. There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the customer data. All too often, these AWS storage buckets are misconfigured and set to “public” and not “private.”

The exposed data included high-resolution user-uploaded photos and generated shipping labels, dating back to 2016 and was updating by the day. The app has more than 100,000 users, according to its Google Play listing.

It’s not known how long the storage bucket was left open.

One of the customer orders, including photos and the customer’s shipping address. The exposed storage bucket also had thousands of shipping labels. (Image: TechCrunch)

Security researchers provided the name of the exposed bucket to TechCrunch. We matched a number of shipping labels against existing public records, and contacted PhotoSquared on Wednesday to warn of the exposure.

Keith Miller, chief executive of Strategic Factory, which owns Photosquared, confirmed that the data was no longer exposed, but Miller declined to say if it planned to inform customers or regulators under data breach notification laws.

At the time of writing, PhotoSquared has made no reference to the security lapse on its website or its social media accounts.

An adult sexting site exposed thousands of models’ passports and driver’s licenses

A popular sexting website has exposed thousands of photo IDs belonging to models and sex workers who earn commissions from the site.

SextPanther, an Arizona-based adult site, stored over 11,000 identity documents on an exposed Amazon Web Services (AWS) storage bucket, including passports, driver’s licenses, and Social Security numbers, without a password. The company says on its website that it uses to verify the ages of models who users communicate with.

Most of the exposed identity documents contain personal information, such as names, home addresses, dates of birth, biometrics, and their photos.

Although most of the data came from models in the U.S., some of the documents were supplied by workers in Canada, India, and the United Kingdom.

The site allows models and sex workers to earn money by exchanging text messages, photos, and videos with paying users, including explicit and nude content. The exposed storage bucket also contained over a hundred thousand photos and videos sent and received by the workers.

It was not immediately clear who owned the storage bucket. TechCrunch asked U.K.-based penetration testing company Fidus Information Security, which has experience in discovering and identifying exposed data, to help.

Researchers at Fidus quickly found evidence suggesting the exposed data could belong to SextPanther.

An hour after we alerted the site’s owner, Alexander Guizzetti, to the exposed data, the storage bucket was pulled offline.

“We have passed this on to our security and legal teams to investigate further. We take accusations like this very seriously,” Guizzetti said in an email, who did not explicitly confirm the bucket belonged to his company.

Using information from identity documents matched against public records, we contacted several models whose information was exposed by the security lapse.

“I’m sure I sent it to them,” said one model, referring to her driver’s license which was exposed. (We agreed to withhold her name given the sensitivity of the data.) We passed along a photo of her license as it found in the exposed bucket. She confirmed it was her license, but said that the information on her license is no longer current.

“I truly feel awful for others whom have signed up with their legit information,” she said.

The security lapse comes a week after researchers found a similar cache of highly sensitive personal information of sex workers on adult webcam streaming site, PussyCash.

More than 850,000 documents were insecurely stored in another unprotected storage bucket.

Read more:


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849.