How an unsecured Elasticsearch server exposed customer order information and passwords

Chinese e-commerce giant Globalegrow left personally identifiable information and account credentials exposed, leading security researchers to call them "delusional."

Over 1.5 million customer records from online electronics seller GearBest, as well as Zaful, Rosegal, and DressLily, were stored in an unprotected Elasticsearch server, according to a joint report from VPNMentor and security researcher Noam Rotem. The brands involved are owned by Shenzhen Globalegrow E-commerce Co., Ltd, a controversial seller of Chinese-made products.

The VPNMentor report indicates that the orders, payments and invoices, and member databases were visible, exposing information including customer names and addresses, phone numbers, email addresses, IP addresses, dates of birth, national ID and passport information, account passwords, and payment information, in addition to information about what products were ordered.
