A database allegedly belonging to Ariix Italia was exposed online on an unsecured Amazon S3 bucket, it includes 30,000+ Italian sales agents’ per
A database allegedly belonging to Ariix Italia was exposed online on an unsecured Amazon S3 bucket, it includes 30,000+ Italian sales agents’ personal data.
Researchers at cybernews.com recently uncovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 36,000 documents, including scans of passports, credit cards, and health insurance cards. The database also contains sales representative enrollment contracts that include personally identifiable information such as full names, addresses, tax identification numbers, and signatures of mostly Italian citizens.
The database appears to belong to Ariix Italia, the recently launched Italian branch of Ariix, a US-based multi-level marketing company that advertises and sells health and wellness products.
On May 28, we tried to reach out to Ariix regarding the leak but received no response. We then reported the incident to Amazon and they were able to secure the S3 bucket. As of June 5, the Ariix Italia data bucket has been closed and is no longer accessible.
What data is in the bucket?
At the time of discovery, the data bucket contained 7,515 PDF and 25,895 JPG files.
The files include ID Card:
National electronic ID cards:
Health insurance cards:
Sales representative enrollment contracts:
Most of the contracts in the S3 bucket appear to be Ariix sales representative enrollment contracts that contain the following personally identifiable information:
- Full names
- Dates of birth
- Tax identification numbers
- Street addresses
- Email addresses
- Phone numbers
Who owns the bucket?
The unsecured S3 bucket belongs to Ariix, a multi-level marketing company based in Utah, United States. Dubbed “The Opportunity Company,” Ariix offers a wide variety of health and wellness products ranging from skincare products such as Nucerity and Reviive to nutritional supplements like Nutrifii to Ariix-branded notebooks that are sold online as well as by the company’s sales representatives.
Ariix operates in more than 20 different countries including the United States, Canada, Australia, Japan, the United Kingdom, and the European Union. Recently, Ariix has entered the Italian market, where the original owners of the vast majority of the documents stored in the unsecured bucket appear to originate from.
Who had access?
At the moment, it is unclear if any bad actors have accessed the Ariix Italia S3 data bucket. With that said, the confirmed data goes back at least several months. During this period, the bucket could have been accessed by anyone, as long as they knew where to look.
Therefore, as a precaution, Ariix Italia customers and sales representatives who have provided the company with their personal information should verify that their identities have not been used to commit fraud or other illegal activities.
What’s the impact?
All of the document scans found in the unprotected Ariix data bucket are deeply sensitive, and most of them aremore than enough for an attacker to put up the victims’ identities for sale on the black markets of the dark web or simply steal their money from credit cards.
Once acquired, the personally identifiable data that belongs to more than 30,000 people whose documents are stored in the bucket can be used to:
- Mount convincing phishing attacks
- Launch targeted phone and email spam campaigns
- Take out loans and credit cards in victims’ names
- Steal money
- Buy illicit goods with victims’ credit cards
- Use the victims’ health insurance
- Brute-force online account passwords
If you want to know what to do if you have been affected and the disclosure timeline give a look at original post available at:
About the author: Edvardas Mikalauskas
(SecurityAffairs – Ariix Italia, Data Leak)