- May 4, 2020
The CyberNews investigations team discovered an unsecured data bucket that belongs to Panion, a Swedish software company. The unprotected bucket contains more than 2.5 million user records, including full names, email addresses, genders, interests, location coordinates and last login dates, as well as selfies and document photos.
The files containing the records were left on a publicly accessible Amazon Web Services (AWS) server, allowing anyone to access and download the data.
After we contacted Amazon regarding the exposed Panion bucket, access to files containing user data was disabled.
The publicly available Panion Amazon S3 bucket contained 694,116 files, including:
Aside from the user records, the bucket contained hundreds of thousands of images presumably exchanged by users of the Panion app.
- 693,018 image files uploaded by the developers and users, including selfies and documents shared by users in either group or private chats
- 61 CSV periodically updated files that contained what appears to be 2,596,369 user records, of which 171,855 records belonged to unique users