Many people use free online services to create PDFs quickly and easily. A recent study by the Cybernews research team reveals that this convenience can come at a high price: the security of personal data.
The research revealed that two well-known online PDF services, PDF Pro and Help PDF, had made over 89,000 user documents accessible on the Internet without protection. The type of documents affected is particularly alarming. They include sensitive information such as passports, driving licenses, certificates, contracts and other personal documents. These were stored in an unsecured Amazon S3 bucket and freely accessible to anyone. Despite multiple attempts to contact the operators, the data leak persisted at the time of publication.
Risks for those affected
The consequences of such a data leak can be serious for users. Criminals could misuse the disclosed information for various fraudulent activities. These include identity theft, where loans or credit cards could be applied for in the victim’s name, financial fraud by opening bank accounts or making expensive purchases, and document forgery by manipulating contracts or licenses.
Recommendations for damage limitation
The research team makes several recommendations to online services to contain the leak and prevent similar incidents in the future. These include immediately restricting public access to the affected bucket, changing bucket policies and access control lists, reviewing and adjusting access rights for all stored objects, and enabling server-side encryption.
Meanwhile, users should always be aware that their uploaded documents may not be adequately protected. It is advisable to only share sensitive information via trustworthy and security-checked platforms. The convenience of free services should not come at the expense of personal data security.