The data loss occurred because the database was hosted on a misconfigured Elasticsearch server.
Data breaches are becoming very common these days, and fashion retailer BrandBQ is the latest target. BrandBQ has over 500,000 downloads on Android alone; coupled with its iOS installations, the number of users impacted is immense, estimated to be up to 6.7 million people.
The data exposed amounts to over 1 TB, numbering 1 billion records, and includes a range of personally identifiable information (PII) of the company's customers, such as full names, email addresses, phone numbers, and payment details without card numbers.
The breach has also compromised confidential details of its local contractors, which go beyond the previously mentioned PII and additionally include VAT numbers, payment methods, names of the package receivers, and purchase information that is connected to orders.
Another layer of data, with 49 million entries, was also leaked. This involved details about how the company's database is structured and how it responds to scenarios like system errors and blacklisted emails, all of which could be used by future attackers to their advantage.
Researchers have stated that there have been multiple instances of data theft and loss from Elasticsearch servers. On top of that, a misconfigured database hosted on the platform makes it easier to hack and steal data.
NPAV recommends that users change their passwords in case of any data breach. Data stolen from these organizations contains personal information about individuals that can easily be used by hackers and cybercriminals to launch future attacks.
Use NPAV and join us on a mission to secure the cyber world.