A misconfigured Amazon Simple Storage Service (S3) bucket, managed by a Walmart jewelry partner, left personal details and contact information of 1.3 million customers exposed to the public internet.
The S3 repository, which contained an MSSQL database backup, belongs to MBM Company, a Chicago, Ill.-based jewelry company that operates mainly under the name Limogés Jewelry.
The publicly accessible bucket, discovered Feb. 6 by Kromtech Security, contained personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, IP addresses, and plain text passwords, for shopping accounts of over 1.3 million people throughout the US and Canada.
“The negligence of leaving a storage bucket open to the public after the publication of so many other vulnerable Amazon s3 buckets is simple ignorance. Furthermore, to store an unprotected database file containing sensitive customer data in it anywhere directly online is astonishing, and it is completely unfathomable that any company store passwords in plain text instead of encrypting them,” according to Kromtech Security’s report.