Exploit: Misconfiguration
Hobby Lobby: Craft Supply Retailer
Risk to Small Business: 1.662 = Severe
Hobby Lobby made a blunder that was discovered this week. Researchers came across an Amazon Web Services (AWS) cloud database belonging to the controversial retailer that was misconfigured to be publicly accessible exposing 138GB of sensitive information..
Individual Risk: 1.707 = Severe
Exposed data includes customer names, partial payment card details, phone numbers, physical and email addresses along with source code for the company’s app, and employee names and email addresses. This information can be used for spear phishing and identity theft.
Customers Impacted: 300,000
How it Could Affect Your Customers’ Business: Making simple, avoidable blunders like this doesn’t fill your customers with confidence that you’re taking information privacy seriously.
Source:
https://threatpost.com/hobby-lobby-customer-data-cloud-misconfiguration/164980