Data breach exposes millions of seniors’ data


Rene Millman

10 Aug, 2021

Security researchers have found a major breach that exposed the details of over three million US seniors.

According to WizCase, the data breach affected SeniorAdvisor, “one of the largest consumer ratings and reviews websites for senior care and services across the US and Canada.” Among the exposed details were users’ names, surnames, phone numbers, and more.

Researchers at WizCase discovered a misconfigured Amazon S3 bucket belonging to the website containing over 1 million files and 182GB of data. Contact dates from the files suggest they are from 2002 to 2013, though the files had a 2017 timestamp.

“The majority of data exposed was in the form of leads, a list of potential customers whose details were collected by SeniorAdvisor presumably via their email or phone call campaigns,” said researchers.

Researchers also unearthed  2,000 “scrubbed” reviews. These are reviews where the user’s sensitive information has been wiped or redacted.

“However, this scrubbing process is useless if you have the corresponding information. The scrubbed reviews had a lead id which could be used to trace the review back to who originally wrote it,” researchers said. As both lead data and these scrubbed reviews were in the same database, supposedly anonymous reviewers could have their identity revealed with a simple search operation.

WizCase researchers said since the breach contained data from a section of the public more vulnerable to scams, the risks were higher. In a 2018-2019 report, the Federal Trade Commission (FTC) noted that people who filed a fraud complaint between 60 and 69 years old lost $600 per scam on average. The amount rose in older groups, culminating in $1700 on average per scam for people between 80 and 89.

“In particular, the report found senior citizens were more likely to fall for digital scams such as tech support scams, prize/sweepstakes scams, online shopping scams, and especially phone scams,” said researchers. “As shown, senior citizens are at greater risk for online fraud than the rest of the population, and therefore should be even more careful in their online behavior.”

Researchers urged people using such services to input the bare minimum of information when making a purchase or setting up an online account.

“The less information hackers have to work with, the less vulnerable you are,” warned researchers. Researchers have since contacted the company, and the bucket has since been secured.