Unsecured Database Exposed 8 Million UK Shoppers' Records

Another unsecured database has leaked data online, threatening the privacy of users. This time, an unsecured database belonging to a third party exposed 8 million UK shoppers' records.

UK Shoppers' Records Exposed

Security researcher Bob Diachenko has found another unsecured database exposing a huge number of user records. This time, the unsecured MongoDB database exposed over 8 million records of UK shoppers' data, including explicit personal information.

As detailed in a blog post by Comparitech, the researcher found the exposed MongoDB database on an unsecured AWS server. Further research linked the leaked details to customers of various e-commerce services. The database itself belonged to a third party.

The vendor's app pulled sales records from marketplace and payment system APIs, such as those of Amazon UK, eBay, Shopify, PayPal, and Stripe, to aggregate retailers' sales data and calculate value-added taxes for different EU countries.

In brief, the database included explicit personal details of the customers as well as information about their purchases. The leaked data included customers' names, email addresses, contact numbers, purchase details, shipping addresses, order IDs, and the last four digits of payment card numbers. It also included links to Shopify and Stripe invoices.

A major portion of the exposed data belonged to Amazon UK and eBay, whereas the data from the other vendors (Shopify, Stripe, and PayPal) made up small portions.

Database Now Offline

Upon discovering the unprotected database, which was exposed for five days, the researchers alerted Amazon, since it hosted the server. It took the researchers some time to identify the database owner, and they later decided to keep its name undisclosed.

After the report, Amazon swiftly took action to pull the database offline. Below is a copy of their statement to the researchers:

We were made aware of an issue with a third party developer (who works with a number of Amazon sellers), who appears to have held a database containing information from several different companies, including Amazon. The database was available on the internet for a very short period of time. As soon as we were made aware, we ensured the third party developer took immediate action to remove the database and secure the data. The security of Amazon’s systems was not compromised in any way.

While the database is now offline, the researchers still urge users to stay alert for fraudulent activity targeting them.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!