Saturday, January 16, 07:15

BrandBQ: Fashion retailer exposed customer data

A European fashion retail company exposed the personal data of millions of its customers because it used a misconfigured cloud database. Researchers at vpnMentor discovered the unencrypted Elasticsearch server. The discovery was made on June 28, and the parent company BrandBQ secured it about a month later, on August 20.


The Krakow-based retailer has both online and physical stores. The physical stores are located throughout Eastern Europe: Poland, Romania, Hungary, Bulgaria, Slovakia, Ukraine and the Czech Republic. Its main brands are Answear and WearMedicine.com.

According to the researchers, the exposed database contained about 1 billion records. Of these, 6.7 million belonged to the company's online customers. The exposed data include personally identifiable information (PII), such as full names, e-mail addresses, home addresses, dates of birth, telephone numbers and payment records (however, there were no payment card details).

In addition, the database contained 50,000 files related to local contractors. In these cases, information such as VAT and purchase information was exposed. Finally, according to the vpnMentor researchers, data related to the Answear mobile application were affected, exposing personal information of 500,000 users of the Android application, as well as users of the iOS version.

The researchers believe that the exposed database contains enough data for cybercriminals to carry out successful and very convincing phishing attacks.


"The same tactics could be used against contractors and BrandBQ itself. A successful phishing campaign against a company can be absolutely destructive, and tackling it is a challenge," explained the BrandBQ.

"Plus, all you need is one employee without training in cybercrime to click on a malicious link in an e-mail. And so the whole network of a company could be infected. With more than 700 employees, this is a real risk for BrandBQ."

According to Infosecurity Magazine, attackers could also use the exposed data for corporate espionage and take advantage of "sensitive technical information" in the database to discover vulnerabilities that could be exploited.
