Data Breach at Senior Advisor Exposes Millions of Senior Citizens' Personal Information

InfoSecurity Magazine reported this week that security researchers found an unsecured Amazon S3 bucket containing a database with millions of senior citizens' personal information exposed online.

What Happened?

WizCase first reported the incident that their threat research team led by Ata Hakcil discovered an Amazon S3 bucket owned by Senior Advisor, containing senior information online and unsecured. The bucket was named "leads."

The data breach contained more than three million people's information, including names, email addresses, phone numbers, and contact dates. Researchers uncovered a million files and 182GB of data. However, the data was unencrypted, and no password was required to access it. This type of Amazon S3 misconfiguration is responsible for various other data breaches.

According to InfoSecurity Magazine, "WizCase believes the files are from 2002-2013 based on the contact dates, although the files were timestamped in 2017."

"Additionally, the team found around 2000 "scrubbed" reviews in the misconfigured bucket, in which the user's sensitive information was wiped or redacted. However, the scrubbed reviews contained a lead ID that would enable a malicious actor to trace it back to the person who wrote it as the reviews and lead data were in the same exposed database."

How Did the Senior Advisor Respond?

Immediately upon discovering the data breach, WizCase contacted Senior Advisor to alert them. The company responded by securing the file; however, the damage could already be done.

According to WizCase,

"The greatest danger of this breach stems from the specific group of people left vulnerable. SeniorAdvisor is targeted toward senior citizens in or near retirement. In a  2018-2019 report, the FTC noted that people who filed a fraud complaint in the ages of 60-69 lost $600 per scam on average. The amount rose as the age group was older, culminating in $1700 on average per scam for people in the ages of 80-89."

Senior Citizens a Prime Target

Senior citizens are prime targets for cybercriminals because they are unaware of the dangers, are more trusting of strangers, and could be suffering from memory loss or other physical or mental issues.

Spear phishing targets specific groups of people, and hackers use this type of attack to ensnare seniors in various kinds of scams. Armed with someone's name, email address, and phone number along with their age (which can be determined easily online), a scammer could easily trick an older adult out of money, credit card or bank details, or login credentials for other accounts. Seniors also often have substantial savings from a lifetime of working making them attractive targets.

Some of the most popular scams perpetrated against seniors include:

• Healthcare/Medicare/Insurance fraud.
• Charity scams.
• Reverse mortgage schemes.
• Phishing emails about Covid or counterfeit prescription drugs.
• Lottery scams.
• Grandparent scam. 
• Anti-aging products.
• Social security fraud.

Above is just a sampling of the ways that criminals target seniors. The information breached by Senior Advisor could unleash a flood of different types of attacks targeting older Americans.

How Seniors Can Stay Safe

Some ways that senior citizens can stay safe after a data breach are:

• Always use strong passwords for devices and online accounts.
• Never share your credentials or personal information with anyone unsolicited.
• Never reuse passwords on multiple accounts.
• Do not click links or download attachments that come through email.
• Always verify the sender of an email before taking any action.
• Remember that thieves will try and do anything to get you to hand over details.
• Protect your personally identifiable information (like your social security number, driver's license, etc.) at all costs.