Researchers from vpnMentor have discovered another unsecured database exposing sensitive details about users. As reported, they discovered an unprotected Amazon S3 bucket that contained thousands of plastic surgery images of patients. Further investigation revealed that the database belonged to NextMotion, a French aesthetic industry technology firm
Specifically, there were around 900,000 images that clearly showed patients’ faces. In some instances, the images also displayed patients’ body parts under treatment including private parts.
Apart from these sensitive images, the database also exposed other related information, according to the researchers’ findings. As stated,
Also, the researchers could access video files of scans, outlines for proposed treatments and the respective invoices.
Upon discovering the unsecured database, the researchers informed NextMotion of the incident who then addressed the flaw. Recently, the firm has also confirmed the incident while also ensuring rectification of the matter in a press release.