A popular video marketing software company, Animaker, has recently experienced a data leak, which has exposed the personal information of millions of its users. Animaker is an online video creation platform that allows users to create animated videos, explainer videos, and other content, using pre-built templates and tools. The data leak was discovered by security researcher Anurag Sen who found a publicly accessible storage bucket that contained over 700,000 user records totaling up to around 5.3 GB of data. The data included full names, device type, postal codes, IP addresses, mobile numbers, email addresses, Animaker profile details, and geographical information including country, city, and state. According to Sen, the leak allowed anyone with the bucket’s URL to access the data without any authentication. The situation has been reported to Animaker, but no response has been made at this time. No passwords or payment details were included in the leak, but the amount of information included in the bucket continues to increase over time. The company also stated that it has implemented additional security measures to prevent similar incidents in the future.
Users of Animaker are advised to be vigilant of any suspicious activity related to their accounts. It is also recommended that users enable two-factor authentication and use unique passwords for their various online accounts to mitigate the risk of further data breaches. Companies who use storage buckets should be aware that security controls typically need to be created after the creation of the bucket.