“Ariix Italia” Leaked the Data of More Than 30,000 Sales Agents

• Many thousands of sales agents in Italy have had their personal details exposed via an unprotected bucket.
• The data includes full names, phone numbers, emails, physical addresses, credit card details, ID numbers, and passports.
• This was a total catastrophe, but the entity responsible for the blunder may not have even realized it yet.

“Ariix Italia” has made the common but always formidable mistake of leaving an Amazon Simple Storage Service bucket unprotected and accessible by anyone with a web browser. The discovery was made by CyberNews researchers, who found evidence that the S3 bucket belongs to the Italian branch of Ariix, which is an American multi-level marketing company active in the selling of health and wellness products. The researchers contacted Ariix on May 28, 2020, but they didn’t hear back. Three days later, they sent a notification to Amazon, and on June 5, 2020, the bucket was taken offline.

For at least a week (indexing occurred months ago), the bucket was leaking the following details, belonging to Italian sales agents:

• Full names
• Dates of birth
• Tax identification numbers
• Home addresses
• Email addresses
• Phone numbers
• Credit card numbers
• IBAN details
• Passport details
• Signatures

The documents stored in the bucket include thousands of PDF and JPG files, which contained images of credit cards, enrollment contracts, health insurance cards, national ID cards, and passwords. These scanned documents and other information on the server were stored unencrypted, which is the additional negligence that turns unprotected buckets into a catastrophe.

The above data are missing no details about the agents really, and even the most unskillful threat actors and scammers could utilize them for malicious purposes successfully, including identity theft, phishing, scamming, extortion, spamming, account take-over, and more. Knowing all of the above details creates the basis for brute-forcing attacks, which is another reminder of why we should pick passwords that contain nothing relevant to our ID, address, phone numbers, etc. If you have any relationship with Ariix Italia, you are advised to reset your passwords across your entire online presence, keep an eye on your banking and credit card reports, and even monitor who is using your health insurance.

If you notice anything suspicious, make sure to report it to your bank as soon as possible. Finally, replace your national ID, password, and medical insurance card. This will be an entire kerfuffle, but these documents have unfortunately been irreversibly compromised now, and you should better invalidate them. Remember, someone may use your credit card to buy something illegal, and you would get into more trouble.

Possibly Ariix hasn’t realized its mistake yet, as the bucket was taken offline by the AWS Trust & Security team. The fact that there were no clients exposed in this case remains a positive aspect. In contrast, the details leaked are introducing severe risks for the sales agents who are also very likely left in the dark.