If you use this popular recipe site, your private data might’ve been stolen

Andy Meek

May 2, 2021 at 10:34 AM·2 min read

Paleohacks, a Los Angeles-based website that serves as a repository of items like recipes and meal plans along with running an e-commerce store, reportedly exposed the data of some 70,000 users to potential fraud and hacking, thanks to a data leak reported by researchers at vpnMentor.

According to vpnMentor’s analysis, this incident originated from “a cloud storage account Paleohacks was using to store the private data and personal details of over 70,000 customers and users. The company had failed to implement basic data security protocols. As a result, anyone whose data had been collected by Paleohacks was at risk of fraud, identity theft, hacking, and much more.”

The details of what vpnMentor says it discovered: Paleohacks was apparently using an Amazon Web Services S3 bucket to house customer data. Hundreds of thousands of businesses around the world use those, but one important thing to know about them is that AWS requires clients to set up data privacy protocols manually when creating the S3 bucket account. “Paleohacks,” according to vpnMentor, “failed to install any privacy protocols on its S3 bucket — leaving the entire contents exposed to anyone with the most basic hacking skills.”

This bucket housed some 6,000 files containing data on nearly 70,000 users. Those files spanned the years 2015 to 2020 and included user data such as email addresses, IP addresses, birth dates, bios, and more. Here’s more from the researchers explaining why Paleohacks leaving the customer data in the state they did is such an issue:

“By combining a customer’s PIII data with records of their purchases and orders on the Paleohacks website, a criminal enterprise could create highly effective phishing emails posing as the company and trick customers into providing additional data and credit card details. They could also be enticed into clicking a link embedded with malware, spyware, or another form of malicious software.” What’s more, this issue could allow hackers to break into the account of a user via password reset tokens.

The vpnMentor researchers said they identified this problem in the process of conduction “a huge web mapping project.” According to their explanation, their researchers were deploying large-scale web scanners in the hunt for unsecured data repositories, and when they came across such data sets they then examine them for any data being leaked. Bottom line: “Our team was able to access Paleohacks’ S3 bucket because it was completely unsecured and unencrypted.”

Paleohacks as of yet hasn’t responded publicly about the issue. Customers are encouraged to contact the company to ask how it’s protecting their data.

Today's Top Deals

See the original version of this article on BGR.com

Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Finance
These 3 stocks are poised to benefit from the massive energy transition
The energy transition will benefit companies providing electrical needs for surging demand. Analysts point to these three stocks as a Buy.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
2024 NFL Team Fantasy Football Power Rankings, 1.0
With NFL rosters pretty much set before training camp, Scott Pianowski reveals his first set of team fantasy power rankings for the 2024 season.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Yahoo Sports
NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show
Every player was dressed to impress at the 2024 NFL Draft.
Yahoo Finance
Fed’s Kashkari: Rates will stay high for 'extended period' and can't rule out a hike
Minneapolis Fed president Neel Kashkari said interest rates will likely stay at current levels for an "extended period" and didn't rule out a hike if inflation stalls near 3%.
Yahoo Sports
NBA fines Nuggets G Jamal Murray $100K for tossing heat pack, towel on court vs. Timberwolves; no suspension
Murray tossed a heat pad onto the court during gameplay vs. the Timberwolves.

News

Life

Entertainment

Finance

Sports

New on Yahoo

If you use this popular recipe site, your private data might’ve been stolen

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Former NBA guard Darius Morris dies at 33

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

These 3 stocks are poised to benefit from the massive energy transition

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Social Security just passed Medicare as the government's most pressing insolvency risk

2024 NFL Team Fantasy Football Power Rankings, 1.0

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers

The best budgeting apps for 2024

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show

Fed’s Kashkari: Rates will stay high for 'extended period' and can't rule out a hike

NBA fines Nuggets G Jamal Murray $100K for tossing heat pack, towel on court vs. Timberwolves; no suspension