On Valentine’s Day, vpnMentor researchers discovered an unsecured database containing thousands of explicit pre- and post-op images of plastic surgery patients (together with invoices and other files). The exposed database belongs to NextMotion, a plastic surgery tech company that provides clinics around the globe with patients’ digital imagery.
The researchers managed to access around 900,000 individual files while scanning the internet for vulnerabilities for their web-mapping project. The files included highly sensitive and graphic images, video files, and paperwork related to dermatological treatments, plastic surgery, and consultations performed by clinics using NextMotion’s technology. The company was informed about the discovery and has since secured the database.
Unsecured and unencrypted databases pose massive risks to companies that use them to store files and sensitive information. If patients’ medical records, financial information, and graphic images of their bodies are leaked, it can put the clinic out of business. The company could face legal action from its clients and the scandal would ruin its reputation, scaring away new customers.
Plastic surgery photos exposed
NextMotion (which provides 170 clinics in 35 countries with what they claim to be cutting-edge technology) should have done more to keep their clients’ information secure. On the other hand, he believes that companies shouldn’t blindly trust third-party service providers with highly sensitive data. The best solution is file encryption.
Although file encryption sounds complicated, it’s become much more accessible in recent years. There are many affordable and easy-to-use tools, such as NordLocker, that offer end-to-end encryption for files stored locally or in the cloud. Also, encryption is a must when sharing confidential information with clients or members of staff. In the event of a data breach, hackers would be unable to read encrypted photos, documents, and other files; without the decryption keys, they’d see only unintelligible ciphertext.
Leaks of sensitive data affect not only private individuals, but big corporations, medical institutions, and governments as well. Last year, the private files of hundreds of German parliament members, including Angela Merkel, hit the internet and caused a huge scandal. In 2019, the medical files of 14,200 HIV-positive people were leaked online in Singapore. But the most shocking leak happened in Russia in July of 2019, when hackers broke into the network of a contractor of Russia’s national intelligence service and stole roughly 7.5 TB of data related to classified projects.