The blogger behind a widely followed data-breach reporting service said an online counseling service has obtained an injunction barring her from publishing an article that went live five days earlier. The blogger says her article is also the subject of a criminal complaint.
The August 1 post on DataBreaches.net reported that a misconfigured Amazon Web Services bucket exposed more than 300,000 records relating to people who sought counseling-related services from 1to1Help. Writing under the pseudonym "Dissent," the blogger said she first notified the company of the exposure on June 10. More than two weeks later, when the data still hadn't been taken down, she said she began contacting multinational companies that had contracted with 1to1Help to notify them that their employees' information was exposed. The reported also regularly notified parties of her deadline for publishing.
On July 4, the blogger reported, she finally received a response from a 1to1Help lawyer. The lawyer said the exposed data came from an archive that was older than five years. For the past three years, the lawyer said in a statement, the company encrypted sensitive data in a way that prevented even company administrators from accessing it. "This has data which is gathered from our website usage such as articles read, quizzes taken, various self-help resources used and only includes a small percentage of counselling [sic] information from the partial data," the lawyer added.