Once again, an unsecured database has exposed sensitive customer records. Allegedly, the database belonged to a French Burger King Online shop for kids – the Kool King Shop. The misconfigured database exposed thousands of records including personal records and CRM details.
Burger King Online Shop Exposed Customer Data
Reportedly, Bob Diachenko of Security Discovery found another unsecured database leaking sensitive data. The researcher stumbled upon a misconfigured Elasticsearch database that exposed roughly 38,000 records.
As stated in his blog post,
“An open and unprotected Elasticsearch cluster with plain-text data was left unattended at least since April 24, 2019, according to Shodan historical data.”
The database allegedly belonged to the Kool King Shop – the French-only Burger King online shop for kids. Regarding the information leaked from the database, Diachenko stated that he found 37,900 customer records. These records included sensitive information such as names, phone numbers, dates of birth, email addresses, passwords, voucher codes, and links to externally stored certificates.
In addition, the exposed data also included 25 admin CRM access details including names, email addresses, and encrypted passwords. Besides, the database also exposed e-Commerce CRM backend logs with debug information and internal data.
Nonetheless, the database did not expose any payment information.
Database Now Closed
After Diachenko found the unsecured database, he promptly reported the matter to the database admins. The researcher could easily get their email addresses from the exposed data. The Burger King team acknowledged his findings and took necessary actions to rectify the matter. As per their statement,
“All the necessary actions legally required have been taken internally and with our service provider immediately after this incident came to our knowledge to ensure the effective resolution of the problem as well as the safety of our clients’ data. We are also liaising with the relevant national authority having jurisdiction in this respect.”
While the admins promptly closed the database, it is certainly alarming to witness the increase in the frequency of data leakage through unsecured or misconfigured servers. Perhaps, it is high time that the organizations should vigilantly review the security status of their databases.
Let us know your thoughts in the comments section below