March 15, 2020 05:34 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/DUvExbY9fe4/data-of-millions-of-ebay-and-amazon-shoppers-exposed
Data of Millions of eBay and Amazon Shoppers Exposed
An anonymous reader quotes the "Naked Security" blog of anti-virus company Sophos:Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services (AWS) for anyone to find using a search engine. A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe. Discovered by Comparitech's noted breach hunter Bob Diachenko, the AWS instance containing the MongoDB database became visible on 3 February, where it remained indexable by search engines for five days. Data in the records included names, shipping addresses, email addresses, phone numbers, items purchased, payments, order IDs, links to Stripe and Shopify invoices, and partially redacted credit cards... A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe. The article calls it "simply the latest example of how easy it is to leave sensitive data sitting in an unsecured state on cloud storage platforms." They cite two more high-profile databases that Comparitech found exposed on Elasticsearch just in 2020:A database containing 309 million Facebook user IDs, phone numbers and namesA total of 250 million Microsoft customer support records dating back to 2005Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/DUvExbY9fe4/data-of-millions-of-ebay-and-amazon-shoppers-exposed
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot