Burger King Online Kid’s Shop Exposed Thousands Of Records From An Unsecured Database

  •  
  •  
  •  
  • 2
  •  
  •  
  •  
    2
    Shares

Once again, an unsecured database has exposed sensitive customer records. Allegedly, the database belonged to a French Burger King Online shop for kids – the Kool King Shop. The misconfigured database exposed thousands of records including personal records and CRM details.

Burger King Online Shop Exposed Customer Data

Reportedly, Bob Diachenko of Security Discovery found another unsecured database leaking sensitive data. The researcher stumbled upon a misconfigured Elasticsearch database that exposed roughly 38,000 records.

As stated in his blog post,

“An open and unprotected Elasticsearch cluster with plain-text data was left unattended at least since April 24, 2019, according to Shodan historical data.”

The database allegedly belonged to the Kool King Shop – the French-only Burger King online shop for kids. Regarding the information leaked from the database, Diachenko stated that he found 37,900 customer records. These records included sensitive information such as names, phone numbers, dates of birth, email addresses, passwords, voucher codes, and links to externally stored certificates.

In addition, the exposed data also included 25 admin CRM access details including names, email addresses, and encrypted passwords. Besides, the database also exposed e-Commerce CRM backend logs with debug information and internal data.

Nonetheless, the database did not expose any payment information.

Database Now Closed

After Diachenko found the unsecured database, he promptly reported the matter to the database admins. The researcher could easily get their email addresses from the exposed data. The Burger King team acknowledged his findings and took necessary actions to rectify the matter. As per their statement,

“All the necessary actions legally required have been taken internally and with our service provider immediately after this incident came to our knowledge to ensure the effective resolution of the problem as well as the safety of our clients’ data. We are also liaising with the relevant national authority having jurisdiction in this respect.”

While the admins promptly closed the database, it is certainly alarming to witness the increase in the frequency of data leakage through unsecured or misconfigured servers. Perhaps, it is high time that the organizations should vigilantly review the security status of their databases.

Let us know your thoughts in the comments section below

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!