Data Security

Misconfigured AWS bucket exposed 421GB of Artwork Archive data

The trove of data was left exposed unencrypted and without any password or security authentication.

The team of IT security researchers at WizCase team discovered a misconfigured Amazon S3 bucket belonging to the online art retail service Artwork Archive. The incident affected around 7,000 customers including galleries, artists, and collectors.

Private and Purchase Data Exposed

Led by Ata Hakçıl, the team reported that the misconfiguration exposed sensitive user data, including user’s name, surname, physical addresses, email addresses, and other sensitive data. The exposed records dated back to Aug 2015.

SEE: Warning as hackers breach MFA to target cloud services

Furthermore, the misconfiguration also exposed purchase details as WizCase’s team identified nearly 9,000 invoices, including sales agreements, artwork prices, and revenue reports.

In addition to this, exported contracts that contained details like the customer’s full name, email, company affiliations, city, country of residence, phone number, and other information were also part of the cloud storage.

The inventory reports revealed details of the artworks owned by artists, buyers, and galleries, including renowned artists like Joan Miro and Marc Chagall.

“These were usually contacts an artist added to Artwork Archive via their contact management feature and included art institutions, individual artists, art collectors, friends, and family,” WizCase researchers wrote in a blog post.

Data Didn’t Have any Protection

Researchers claim that the data wasn’t protected by a password or login credentials and wasn’t even encrypted, which is why anyone could access the information. WizCase notified the platform about an open S3 bucket around one month ago.

Screenshot of the leaked data that WizCase shared with

According to researchers, the company stores publicly shareable reports in this bucket. The breach exposed more than 200,000 files belonging to Artwork Archive, which amounted to 421GB of exposed data. The bucket was discovered on May 23 and secured on May 26.

About Artwork Archive

The Denver, Colorado-based service offers a one-of-a-kind platform to artists, collectors, and organizations for apt and secure management/selling of their art. the company offers software solutions on a subscription basis to manage the buying and selling of artwork.

Additionally, some prominent clients include luxury chain Neiman Marcus, artists Oliver Jeffers and Robert Farber, and Ivy League school Brown University.

To Top

Pin It on Pinterest

Share This