Exploit: Misconfiguration
Raven Hengelsport: Specialty Fishing Supply
Risk to Business: 1.602 = Severe
Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. That server, hosting 18GB of company data covering at least 246,000 customers across 450,000 records, was discovered by security researchers and had purportedly been wide open for months. Even after researchers attempted to contact the company it took a long time for them to do anything about it.
Individual Risk: 2.416 = Moderate
The bonanza of information contained customer IDs, delivery dates, discounts, shipping fees, payments and shipment tracking numbers as well as PII like names, surnames, addresses, genders, phone numbers, email addresses and business names.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Mistakes like this are only compounded by blunders in the response. It shows clients that you aren’t concerned about their security if you aren’t concerned about yours.
Source: The Register