Reindeer marketing agency under the radar as 300,000 customer personal data leaked

August 13, 2021
Reindeer marketing agency 300,000 customer personal data leaked misconfigured server

A weighty and dangerous cyberattack that has exposed hundreds of customers’ personal data such as names, email addresses, phone numbers, birthdays, physical addresses, and many more have affected Reindeer, an American marketing company. This is from a report led by Ata Hakçıl from WizCase’s security team. 

An Amazon S3 bucket initially owned by Reindeer, a defunct American advertising company, which holds over 50,000 files and 32GB of data, has been discovered by WizCase’s ethical cyber researchers in a misconfigured condition. Since Reindeer, which is now considered a defunct company, owns this bucket, the researchers from WizCase get in touch with Amazon about this breach because they are the only point of contact that can assist with this problem. With some hope that they will also help reach out to their prior company owner, WizCase also notified the US-Cert. `


According to the report, over 300,000 customer details from different clients of Reindeer had their sensitive data compromised due to the misconfigured S3 bucket. 


Many other Reindeer clients’ sensitive information was left exposed and vulnerable, including Patrón, a client with the most significant number of clients PII’s uncovered. In addition to this is Jack Wills, a clothing brand from the UK. 

For more information about this breach, the personal details that were left exposed comprised of names, surnames, email addresses, birthdays, physical addresses, passwords, and Facebook IDs. There are approximately 306,000 customers in total and of which includes about 1,400 profile photos. Also, about 100,000 mobile numbers and physical addresses were exposed. However, they were the rarest information that has been compromised. According to security researchers, a totality of 35 countries was involved in the user count – with the US, Canada, and Great Britain as the top three of them to account for nearly 280,000 of those users. May 2, 2007, to February 6, 2012, was the date range of this exposed information. 

Like Douglas Murray, a CEO at Valtix, organisations are still in the process of familiarisation with the public cloud environment as it is an entire host of brand-new issues. Layered cyberattack defences have been ultimately highlighted as a concern due to this case of the Reindeer breach. The situation has remarkably raised a lot of serious questions in regards to the shared responsibility model. Organisations will be required to deploy network-based access controls and utilise security policies to have a more effective defence counter to delicate data exfiltration, specifically for PaaS(Platform as a Service) services like S3. Many establishments are yet to implement these operative network securities in the cloud despite being recognised as top security practices. With this case, a multi-cloud network security platform could have potentially aided in simplifying and improving it. 

About the author

Leave a Reply