
Nearly eight million sales records containing the personal information of UK shoppers have been discovered exposed to the public-facing internet, after another cloud misconfiguration.

Noted researcher Bob Diachenko discovered the unsecured MongoDB database residing on an Amazon Web Services (AWS) server on February 3.

It was secured five days later, after Diachenko identified and notified the owner, a third-party company that helps merchants to aggregate sales data from multiple online marketplaces and VAT for cross-border sales.

According to Comparitech, around half of the eight million sales records discovered in the database related to Amazon UK and eBay, with Shopify, PayPal, Stripe and a few smaller marketplaces and payment companies accounting for the rest.

“We were made aware of an issue with a third-party developer (who works with a number of Amazon sellers), who appears to have held a database containing information from several different companies, including Amazon,” an Amazon statement explained.

“The database was available on the internet for a very short period of time. As soon as we were made aware, we ensured the third-party developer took immediate action to remove the database and secure the data. The security of Amazon’s systems was not compromised in any way.”

Exposed data included customer names, email addresses, shipping addresses, purchases and the last four digits of credit card numbers — more than enough for hackers to craft convincing follow-on phishing emails to target those customers.

If they were able to trick users into handing over their log-ins, they could theoretically hijack accounts and use stored cards and/or gift tokens to make fraudulent purchases.

Vinay Sridhara, CTO of Balbix, argued that the incident follows the pattern of countless other data leaks over recent years.

“Despite billions invested in security, enterprises are failing at the infosec equivalent of washing their hands,” he added.

“Since an organization can’t improve what it can’t measure, the starting point for a company to improve their cyber-hygiene is to inventory, categorize and measure the criticality of their assets. From there, basic resilience begins with identity, encryption and network segmentation.”
