Brazilian marketplace integrator Hariexpress exposed 1.75 billion records

At the time of publishing this article, the was still exposed and growing as there has been no response from Hariexpress.

The Brazilian E-commerce Marketplace Integrator platform Hariexpress (Hariexpress.com.br) has been caught exposing a massive trove of belonging to its customers and vendors.

In total, the company has exposed more than 610GB worth of data containing over 1.75 billion (1,751,023,279) records without any security authentication.

Launched in 2018; Hariexpress integrates eCommerce marketplaces into a single platform to automate processes across different online stores.

It is worth noting that this massive exposure has been caused by a misconfigured Elasticsearch server. This means anyone with of exploiting the misconfigured Elasticsearch servers can access these records without the need for login credentials.

SEE: Personal & banking data of 120 million Brazilians leaked online

The incident was originally identified by team researchers at Safety Detectives led by Anurag Sen. According to their blog post, the exposed records include information on both customers and vendors (businesses using the Hariexpress platform). For instance, when it comes to customers, the content of the exposed data includes:

Images Full names Usernames Email addresses Phone numbers Billing details including billing addresses.

Read More: https://www.hackread.com/brazilian-marketplace-integrator-hariexpress-records/