Leaking Google Cloud Storage Bucket Exposes Personal Data of Over 83,000 Customers Linked to Alice’s Table
A leaking Google Cloud Storage bucket linked to Alice’s Table, a Shark Tank contestant offering virtual floral arrangement classes, has exposed the personal data of over 83,000 customers, Cybernews reports.
The misconfigured cloud bucket was discovered by the Cybernews research team on April 28th during a routine investigation using open-source intelligence methods. The bucket was traced back to Alice’s Table, a platform founded by Boston entrepreneur Alice Lewis in 2015 and now part of the 1-800-Flowers family of brands.
In addition to floral arrangements, Alice’s Table offers curated live streaming experiences, including culinary and cocktail workshops. The leaking Google cloud bucket contained tens of thousands of files with personally identifiable information (PII) such as emails and home addresses of the platform’s clients in the United States.
The exposed data included full names, email addresses, home addresses, and order details. While the leak primarily consisted of personal email addresses, a significant portion were professional email accounts affiliated with companies like BCG, Pfizer, PwC, Charles Schwab, and government employees.
Cybersecurity experts advise affected organizations to immediately revoke public access to the affected bucket, review access logs retrospectively, enable server-side encryption, and conduct regular security audits of all Google Cloud Storage to mitigate risks and ensure ongoing compliance with security standards.
Neither Alice’s Table nor 1-800-Flowers have responded to Cybernews’ request for comment at the time of publishing. The United States Computer Emergency Readiness Team (US-CERT) has been informed of the incident.