1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Shoemaker Ecco leaks almost 60GB of customer data

    From TechnologyDaily@1337:1/100 to All on Fri Dec 23 21:30:03 2022
    Shoemaker Ecco leaks almost 60GB of customer data

    Date:
    Fri, 23 Dec 2022 21:12:39 +0000

    Description:
    A misconfigured database has been leaking sensitive Ecco customer data since June 2021.

    FULL STORY ======================================================================

    Shoemaker Ecco has been operating a misconfigured database for more than a year, exposing a huge tranche of sensitive information to whoever knew where to look.

    This is according to a new report from Cybernews , whose research team recently identified 50 Ecco indices exposed to the public. In total, the database has had more than 60GB of sensitive data thats been available since June 2021.

    Millions of sensitive documents, from sales to system information, were accessible. Anyone with access could have viewed, edited, copied and stolen, or deleted the data, the researchers said. API requests

    While Ecco moved in to remedy the problem in the meantime, they did not comment on Cybernews findings. The database seems to be locked now, the researchers said.

    While scanning the web for unsecured and otherwise misconfigured databases, the research team found an exposed instance hosting Kibana, an ElasticSearch visualization dashboard, for Ecco. Kibana, as the researchers explained,
    helps process ElasticSearch information.

    The instance hosting the dashboard was guarded by an HTTP authentication, but the server was (mis)configured in a way that allowed API requests through. Using this loophole, the researchers looked up the index names on Eccos ElasticSearch, seeing 50 exposed indices with more than 60GB of data. Read more

    Many data breaches are being caused by misconfigured clouds


    Misconfigured web apps exposed millions of US personal records online


    These are the best endpoint protection software today

    The data contained all kinds of sensitive information, from sales and marketing, to logging and system information, the researchers said. One
    index, sales_org, contains more than 300,000 documents. A directory called market_specific_quality_dashboard held more than 820,000 records.

    There are multiple ways a threat actor could make use of the database, they further explained, saying that the visible code could have been changed, as well as naming, and URLs, all to run phishing campaigns, identity theft , or to trick people into running malware and ransomware.

    Whats more, the database is not for a local Ecco outpost, but rather for the global ecco.com website. In the hands of an experienced cybercriminal, the files could be a major tool in attacking the company globally. Ecco stores, its employees, as well as clients and customers. Here's our rundown of the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/shoemaker-ecco-leaks-almost-60gb-of-customer-da ta


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)