1to1 Help Data Breach (2019)

On May 16, a researcher discovered that 1to1Help was exposing data in a misconfigured Amazon s3 bucket. When they eventually had time to look at the data, they found that were were more than 300,000 records with personal and sensitive information in the exposed bucket. The researcher then contacted this site to share their findings. Beginning on June 10, DataBreaches.net attempted to notify 1to1Help.net of the exposure so that they could secure their database. Emails sent to the site on June 10 and June 11 received no reply and by June 18, the bucket was still unsecured. An India-based cybersecurity firm that has assisted this site in the past in making notifications in India, BanBreach, also attempted to reach out to the firm, but did not reach anyone. After yet another week went by with no response from 1to1Help.net and finding that the bucket was still not secured, DataBreaches.net decided to start contacting some of 1to1Help’s larger corporate clients, hoping that if their clients called them to say, “Hey, our data is exposed,” they’d get action. On June 26, I spoke with a top privacy official for the U.S. headquarters of one of the multinational firms affected by the 1to1Help leak and explained the situation to her. I also started reaching out via email to other large corporate clients of 1to1Help.net. Two of the firms were immediately responsive and indicated that they were reaching out to 1to1Help.net On July 14, I finally got a response from Anil Bisht, the Director of 1to1Help.net.