An anonymous reader quotes the “Naked Security” blog of anti-virus company Sophos:
Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services (AWS) for anyone to find using a search engine. A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe.
Discovered by Comparitech’s noted breach hunter Bob Diachenko, the AWS instance containing the MongoDB database became visible on 3 February, where it remained indexable by search engines for five days. Data in the records included names, shipping addresses, email addresses, phone numbers, items purchased, payments, order IDs, links to Stripe and Shopify invoices, and partially redacted credit cards…
A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe.
The article calls it “simply the latest example of how easy it is to leave sensitive data sitting in an unsecured state on cloud storage platforms.” They cite two more high-profile databases that Comparitech found exposed on Elasticsearch just in 2020:
A database containing 309 million Facebook user IDs, phone numbers and names
A total of 250 million Microsoft customer support records dating back to 2005
of this story at Slashdot.
Source:: Slashdot