- Jul 27, 2015
- 5,457
- Content source
- https://www.theregister.com/2022/06/16/storehub_data_leak/
Researchers at security product recommendation service Safety Detectives claim they’ve found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub.
Safety Detectives’ report states it found a StoreHub sever that stored unencrypted data and was not password protected. The security company’s researchers were therefore able to waltz in and access 1.7 billion records describing the affairs of nearly a million people, in a trove totalling over a terabyte. StoreHub’s wares offer point of sale and online ordering, and the vendor therefore stores data about businesses that run its product and individual buyers’ activities. Safety Detectives wrote that full names, phone numbers, physical addresses, email addresses, and even device types were among the exposed data. Customers’ orders, plus the locations they ordered from and the times at which they ordered, were also open to the world. Safety Detectives asserts that order details included “partially masked credit card information.”
Information about StoreHub users’ staff was also exposed. So were access tokens that could allow miscreants to alter users’ StoreHub-powered sites.
Unsecured Elasticsearch server leaks a million records
POS and online ordering vendor StoreHub offered free Asian info takeaways
www.theregister.com