These days, the frequency of incidents of firms leaking user data through unprotected databases is on a rise. Once again, a similar report surfaced online as an Australian firm AmazingCo exposed user data publicly. The exposed information included personally identifiable data of the customers.
AmazingCo Exposed User Data
According to Jeremiah Fowler of Security Discovery, AmazingCo exposed user data through an unsecured database. He shared details of his findings in his blog post.
As discovered, the researcher noticed an open Elastic database without a password that contained detailed customer records. Scratching the surface revealed that the database belonged to the Australian firm AmazingCo. The leaky database had a folder entitled ‘customers’ with 174,000 records. Regarding the type of information exposed, Fowler found,
212,220 records in total including many user names, emails, phone numbers, internal notes, and other sensitive details… IP addresses, Ports, Pathways, and storage info that cybercriminals could exploit to access deeper in to the network.
Additionally, the leaked data also included customer feedback associated with personal information.
Each of these were connected to the client’s real personally identifiable data and the files also included internal notes on the clients, their events and any challenges Amazingco’s staff experienced.
Most of the details linked back to some children’s parties and wine tours. It remains unconfirmed that for how long the database leaked the information. Nonetheless, considering the indexing date, the researcher assumes that it may have stayed available at least for 6 to 7 days.
Database Went Offline
Fowler discovered the unprotected database on May 11, 2019, after its indexation on May 6, 2019. Upon noticing the database, he quickly notified AmazingCo the same day. Two days later, on May 13, 2019, he confirmed that the database went offline.
Although, the company acted quickly to resolve the matter. They didn’t actually reply to the researcher with regard to his notifications.
AmazingCo is an Australian event planning firm located in Melbourne. The company provides services for various parties, family gatherings, wine tours, etc. It also offers services to outside Australia, specifically, the USA and New Zealand. The firm claims to have “over 35,000 experiences delivered” involving more than 1 million organizers and attendees.