According to their official website, Artwork Archive is "an art inventory platform that artists use to track their artwork, showcase their portfolio and grow their business." In other words, it provides a centralized hub for artists – both online and offline – to advertise and sell their art in a safe and secure manner.
That's the idea behind Artwork Archive – but as artists as learning, their site might not be that secure at all.
'''What's the Problem?
It was in early July when we first heard about a potential leak of sensitive information via Artwork Archive. Accessible through an open S3 bucket – which is essentially a cloud-based folder containing sensitive data – the leak could have exposed the personal information of hundreds of thousands of users.
According to a representative with Artwork Archive, however, the leak was identified and patched quickly enough that no damage was caused. The leak first came to light thanks to members with WizCase – an independent computer and network security reviewer.
Examining the Bucket
The open bucket was originally identified back in May. According to their reports, they were able to access the bucket without any authentication or verification whatsoever. Their report continued to say that over 421 GB of data was left accessible by the public, including information pertaining to more than 7,000 artists, collectors, galleries, and potential customers.
Moreover, the public information also included specific purchase details. According to WizCase, their investigative team was able to view approximately 9,000 invoices – complete with purchase prices, sales agreements, and even detailed revenue reports.
The bucket also contained personal information in the form of exported contacts, including full names, personal phone numbers, email addresses, cities, countries, and company affiliations of individual buyers.
WizCase also uncovered numerous inventory reports in the bucket, too. These inventory reports contained information included specific products, artists, buyers, and galleries.
Solving the Issue'
According to Artwork Archive, the issue was fixed within an hour after learning of the situation. This would definitely minimize much of the risk associated with the leak. Representatives with Artwork Archive are blaming the leak on a misconfigured Amazon S3 bucket. In total, over 200,000 files were left exposed.
However, the team at Artwork Archive insists that no real damage was done. In a statement issued by Artwork Archive, they attempted to clarify the incident by saying: "There is no other evidence that this was accessed by anyone other than the third-party cybersecurity company."''
Justin Anthony, co-founder of Artwork Archive, responded kindly to the incident. Not only did he thank the team with WizCase for shedding light on the misconfigured bucket, but he reiterated his company's dedicated to consumer privacy and data protection.
He stated, in part: "Maintaining the privacy of our clients and keeping their data secure has always been core to what we do. Security is our top priority and this is not something that has impacted our users at large."
As noted, Artwork Archive moved quickly to correct the issue and have since resumed business as usual for all of their artists and customers.
Misconfigured Cloud Storage Exposes User Info
Comments
No comments yet. Sign in to add the first!