2 min read

Sennheiser Audio Tech Giant Leaks Info of 28,000 Customers Online

Alina BÎZGĂ

December 20, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Sennheiser Audio Tech Giant Leaks Info of 28,000 Customers Online

Security researchers have discovered a leaky database exposing the personal information of thousands of Sennheiser customers online.

According to vpnMentor’s latest data breach report, the information of 28,000 customers of German-based professional audio solutions manufacturer was discovered on an unprotected Amazon Web Services (AWS) S3 bucket.

The unsecured server, discovered on Oct. 26, contained over 55 GB of data belonging to customers and businesses requesting samples of Sennheiser audio products between 2015 and 2018, including:

  • Full names
  • Email addresses
  • Phone numbers
  • Home addresses
  • Names of companies requesting samples alongside their number of employees

“The S3 bucket also contained a 4 GB database backup, but this was protected, and for ethical reasons, we didn’t try to gain access,” the researchers said. “While the data breach affected Sennheiser’s customers and suppliers across the globe, the majority of people affected were based in North America and Europe.”

No data is old data

While the exposed data may be old, the chances of customers still using the same email address, phone number and home address are high.

This probability gives any malicious actors that might have accessed the database, plenty of opportunities to conduct targeted phishing attacks against victims.

“If the data was collected using a ’request a sample‘ type form, cybercriminals could use the details to create incredibly convincing phishing emails posing as Sennheiser and trick previous customers into providing additional personal information or clicking a malicious link,” the researcher warned. “Furthermore, due to the number of people exposed in this data breach, cybercriminals would only need to successfully scam a small fraction for any criminal scheme to be considered successful.”

Sennheiser secured the leaky server on Nov. 1 and there has been no evidence of misuse of customer information until now. However, since access by malicious third parties cannot be ruled out, users are advised to be wary of any unsolicited emails and brush up on good cyber practices.

Are you a data breach victim? Use Bitdefender’s Digital Identity Protection service to get real-time alerts for data breaches and privacy threats. You get instant access to a mapping of your online accounts and publicly available data, allowing you to assess your risk levels. The service gives you easy-to-follow one-click action items that allow you to shut down any weak points in your digital footprint so you can stop worrying about what you should do next.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

US Charges Venezuelan Cardiologist with Using, Selling Ransomware US Charges Venezuelan Cardiologist with Using, Selling Ransomware
Vlad CONSTANTINESCU
1 min read
Russian cyber attack on Eurovision foiled by Italian authorities Russian cyber attack on Eurovision foiled by Italian authorities
Graham CLULEY

May 16, 2022

1 min read
Scam Pixelmon NFT Website Hosts Password-stealing Malware Scam Pixelmon NFT Website Hosts Password-stealing Malware
Vlad CONSTANTINESCU
1 min read