Customers On Alert as E-Commerce Player Leaks 1.7+ Billion Records

A Brazilian e-commerce firm has unwittingly exposed close to 1.8 billion records, including customers’ and sellers’ personal information, after misconfiguring an Elasticsearch server, according to researchers.

A team at SafetyDetectives led by Anurag Sen made the discovery in June and quickly traced the leak back to Hariexpress — a firm that allows vendors to manage and automate their activity across multiple marketplaces, including Facebook and Amazon.

Although the firm replied to the researchers just four days after they alerted it to the leak in early July, it was subsequently uncontactable. Infosecurity is currently trying to confirm whether the issue has been fixed.

The server was left unencrypted with no password protection in place. It contained 610GB of data, including customers’ full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF).

SafetyDetectives could not confirm the total number of those affected due to the size of the trove and the potential for duplicate email addresses.

“A data breach of this magnitude could easily affect hundreds of thousands, if not millions of

Read More: https://www.infosecurity-magazine.com/news/ecommerce-player-leaks-billion/