Exploit: Misconfiguration
Hariexpress: e-Commerce Firm
Risk to Business: 1.616 = Severe
Brazilian e-commerce firm Hariexpress is in hot water after it exposed an estimated 1.8 billion client and seller records. According to researchers, the problem appears to have originated with a misconfigured Elasticsearch server. The server was left unencrypted with no password protection in place, exposing 610GB of data, and that data may have been exposed for several months.
Individual Risk: 1.616 = Severe
Exposed customer data included full names, home and delivery addresses, phone numbers, and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers, and business/tax IDs (CNPJ/CPF).
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Human error will always be a company’s biggest cyber attack risk. It pays to make sure that everyone feels like they’re responsible for security to avoid messes like this.
Source: Info Security