The personal data of more than 3 million US senior citizens was exposed in a security oversight by SeniorAdvisor, a review website. Researchers at security firm WizCase discovered the leak.
WizCase’s security team led by Ata Hakcil has found a major breach affecting a bucket owned by SeniorAdvisor, one of the largest consumer ratings and reviews websites for senior care and services across the United States and Canada. This breach compromised users’ names, surnames, phone numbers, and more.
The WizCase team said they also found around 2,000 ‘scrubbed’ reviews, from which the user’s sensitive information had been wiped or redacted. However, these reviews had a lead ID that could be used to trace the review back to post’s author.As the researchers point out, the greatest danger from this breach is the fact that senior citizens are particularly vulnerable to fraud.
What Data Was Leaked?
This leak left over 3,000,000 people vulnerable exposing PIIs such as surnames, emails, phone numbers, and dates contacted. These contact dates suggest the files are from 2002 to 2013, but the files themselves were timestamped 2017. The majority of data exposed was in the form of leads, a list of potential customers whose details were collected by SeniorAdvisor presumably via their email or phone call campaigns
What Are the Risks?
Scams, Phishing, and Malware: The PIIs in the leads files could be used for a variety of scams and phishing attempts. This can include phishing emails that trick the user into inputting sensitive data into malicious websites, adding the user to a robodialer list.
Corporate Espionage: Many companies invest a lot of money to acquire leads. In this case, competitors could use the massive amount of data exposed to grow their customer base to reach potential customers.
Unfortunately, cybercriminals are always generating new methods to exploit anyone vulnerable on the Internet. If you and your company are in urgent need of support please fill out the form and we will help you immediately.