Sharing your private and sensitive data with social media platforms is something that all users have to accept, and what matters for them is how responsibly the platform handles and protects that data.

In the case of the Swedish social media platform “Panion,” the situation could be much worse, as the company’s admins left a service bucket exposed online without requiring a password for access. The discovery was made by CyberNews investigators, who are always on the lookout for such exposures.

Even though the files in the publicly available Amazon S3 bucket do not contain deeply sensitive personal information like passwords, credit card data or social security numbers, bad actors can use the personal details in the database for a variety of malicious purposes:

  • Contact details like names and email addresses can be enough for phishers and scammers to commit targeted attacks against the exposed users via spam emails, while their stated interests can be used against them in social engineering campaigns
  • Determined criminals can combine the names and email addresses found in this bucket with other cyber breaches to build profiles of potential targets for identity theft
  • The location coordinates of these users can potentially be used for breaking and entering or cyberstalking

Thanks to the CyberNews investigators’ work and timely notice, Panion secured the leaky Amazon S3 bucket and locked the 694,116 files contained in it. There were roughly 2.5 million user records in these files, including full names, email addresses, genders, interests, images, selfies, document photos, private chats, and even location coordinates. Of these records, 171,855 concern unique users, so this is the number of people whose data was exposed on the internet.

Source: CyberNews

If you’re a Panion user, go ahead and reset your credentials on the platform immediately. If you were using the same password elsewhere, change it and pick something unique and strong enough. It is also possible that you will receive phishing emails now, so be aware of this and stay alert against scamming attempts.

Panion’s userbase is mostly based in Sweden, but people from Denmark and the United States also use it. These users are possibly immigrants from Sweden who are looking to stay in touch with their friends and relatives back home.


This discussion appeared on CyberNews and TechNadu.