Personal Data of Over 83,000 Customers Exposed in Misconfigured Google Cloud Storage Bucket

A data breach involving a misconfigured Google Cloud Storage bucket linked to Alice’s Table, a popular virtual floral arrangement platform, has exposed the personal information of over 83,000 customers. The breach included tens of thousands of files containing sensitive data such as names, email addresses, home addresses, and order details of the platform’s users.

Cybernews researchers uncovered the exposed Google Cloud bucket containing 37,349 files, including 10,183 XLSX and CSV files with personally identifiable information (PII). The leaked information included personal and corporate email addresses, with some associated with major companies and government entities.

The security implications of the breach are significant, with concerns raised about potential phishing attacks, identity theft, and unauthorized access to confidential information. Additionally, the exposure of home addresses heightens the risk of physical intrusions for affected individuals.

Misconfigured cloud storage buckets are a common security risk, with issues such as publicly accessible buckets, incorrect permissions, missing encryption, and weak access controls making sensitive data vulnerable to unauthorized access. Organizations are urged to implement strong access controls, enable encryption, regularly review and update security settings, and utilize cloud security tools to prevent such breaches.

As of the publication of this article, neither Alice’s Table nor its parent company, 1-800-Flowers, had responded to requests for comment on the breach. The incident serves as a stark reminder of the importance of securing cloud storage to protect sensitive data and prevent unauthorized access.