PetFlow

In 2017, PetFlow, an online pet supply retailer, suffered a massive data breach that exposed sensitive information of nearly 1 million customers.

The security incident occurred on January 23, 2017, and was discovered on March 2, 2017. During this time, an unauthorized third-party gained access to PetFlows systems and stole a massive dataset of customer information, including full names, email addresses, phone numbers, passwords, and encrypted credit card numbers.

The exposed data, totaling 990,919 records, was stored on an unsecured Amazon Web Services (AWS) S3 bucket. Without proper access controls, it was easily accessible to anyone who knew the buckets URL, allowing hackers to siphon off the sensitive data. The incident highlights the importance of implementing proper security measures, especially for sensitive data like credit card information.

PetFlow took several weeks to respond to the breach, initially citing high-tech robbery and threatening legal action against those responsible. However, it was ultimately discovered that the companys own security measures failed to protect the data, leaving customers vulnerable to identity theft and other cybercrimes.