Alice’s Table, a popular virtual floral arrangement platform, recently faced a major data breach due to a misconfigured Google Cloud Storage bucket. The breach exposed the personal data of over 83,000 customers, including sensitive information such as names, email addresses, home addresses, and order details.
Cybernews researchers discovered the exposed Google Cloud bucket during a routine investigation in April. The bucket contained tens of thousands of files, including personally identifiable information (PII) from both personal and corporate email accounts. This breach raises concerns about the security risks associated with business email addresses being used for phishing attacks and identity theft. Additionally, the exposure of home addresses puts individuals at risk of physical intrusions.
Misconfigured cloud storage buckets, like the one linked to Alice’s Table, are a common security risk that can lead to serious consequences such as data breaches and unauthorized data exfiltration. These misconfigurations often include publicly accessible buckets, incorrect permissions, missing encryption, and weak access controls. The wide prevalence of misconfigured buckets has been a significant concern, with studies showing millions of publicly accessible buckets containing sensitive data ranging from financial information to medical records.
Preventing misconfigured cloud storage buckets requires strong access controls, encryption of data at rest and in transit, regular security settings reviews, and the use of cloud security tools like Cyble’s CTI and Odin offerings. By implementing these best practices, organizations can reduce the risk of data breaches and protect sensitive information stored in cloud storage buckets.
As of now, neither Alice’s Table nor its parent company, 1-800-Flowers, have responded to requests for comment regarding the data breach. It is crucial for companies to prioritize data security and take proactive measures to prevent such incidents in the future.