Actualizado el 10/12/2024

icon Facebook icon Twiiter icon RSS icon EMAIL
  1. Portada
  2. >
  3. TecnonewsWorld
  4. >
  5. One retailer mistake puts several million Europeans at risk

One retailer mistake puts several million Europeans at risk

Escrito por Agencias Externas el 05/11/2024 a las 20:44:41
507

The latest Cybernews research shows that over 3.5 million people have been affected across Europe after German eyewear company Brillen spilled order details and customer data to anyone on the internet.


On August 8th, the Cybernews researchers discovered a leak that affected German eyewear retailer Brillen. The massive data leak affected over 3.5 million customers in Germany and the company’s affiliate sites in Spain and Austria.


What data was exposed?

 

  • Full names
  • Addresses
  • Emails
  • Mobile phone numbers
  • Gender
  • Dates of birth
  • Detailed order information – payment amounts, invoice numbers, and dates


Number of affected customers:

 

  • Germany (2,464,579)
  • Spain (961,000)
  • Austria (90,000)


What caused the leak?


The leak was caused by an absence of authentication on the Elasticsearch cluster. Elasticsearch is a search engine that allows users to store, search, and analyze large amounts of data. Failing to configure proper authentication exposes stored data to internet users and, inevitably, to threat actors who are constantly scanning the internet for publicly accessible databases.

 


In the case of Brillen, the cluster stored customers' personal data and order details.


Possible impact on the customers


Our researchers contacted the company instantly after discovering the leak, and it reacted by closing the access to the data. While the cluster has been taken down, the length of time it was exposed remains unclear, as does the extent to which public search engines have indexed the data. Once indexed, the data becomes accessible to anyone, creating a goldmine for threat actors.


Due to the number of affected clients, this leak would be lucrative to cybercriminals, as they would be able to launch large, semi-targeted phishing campaigns against a large number of potential victims,” warn Cybernews researchers.


The exposed data puts customers at heightened risk of identity theft and fraud. The order details, combined with personal information, can enable threat actors to craft highly customized phishing campaigns.