The company in the discussion is German shopping giant Windeln.de who did not secure its database despite being alerted by researchers.
A couple of days ago it was reported that a misconfigured Elasticsearch database exposed 882 GB worth of data from 70 dating and e-commerce sites. Now, in the latest database mess up the personal data of more than half a million people has been exposed online.
The team of IT security researchers at Safety Detectives led by Anurag Sen has discovered a database belonging to a German online shopping website “windeln.de” exposing a humongous amount of personal data putting children and parents at all sorts of offline and online risks.
Since Windeln offers products related to miners, it already makes the company a sensitive platform requiring utmost security. However, in this case, the store’s production server database exposed 6.4 terabytes of data containing 6 billion records leaking personal information of over 700,000 customers.
See: Personal details of 38 million+ US citizens leaked in database mess up
It is worth noting that the production database was hosted on the Elasticserch server exposed on Shodan without any security authentication. This means the trove of data was accessible to the public including malicious threat actors and state-sponsored hackers.
As for Windeln, the information exposed in the incident included Personally identifiable information (PII) and other data such as:
InvoicesFull namesIP addressesInternal logsPhone numbersEmail addressesHome addressesHashed passwordsPayment methods without payment dataUsers’ children data such as their names, dates of birth, and gender.
A f ..
Support the originator by clicking the read the rest link below.
