A badly configured database allowed sensitive customer data to be leaked
Shoemaker Ecco operated a badly configured database for more than a year, exposing a large amount of sensitive information to anyone who knew where to look.
In a recent report, Cybernews’s research team disclosed that it had discovered 50 publicly accessible Ecco indices. The database holds more than 60GB of sensitive data and had been exposed since June 2021.
“Millions upon millions of sensitive documents, from system information to sales, were easily accessible,” the researchers said, adding that anyone with access to the data could have seen, edited, copied, stolen or deleted it.
API Requests
Ecco intervened to fix the problem but did not comment on Cybernews’s findings. The researchers said the database now appears to be locked down.
The research team discovered an exposed Kibana instance while scanning the internet for misconfigured and unsecured databases. Kibana is a visualization platform for Elasticsearch; according to the researchers, it is used to process Elasticsearch data.
Although the dashboard itself was protected by HTTP authentication, the server configuration still let API requests through. The researchers used this gap to query Ecco’s Elasticsearch directly for index names, and found 50 indices holding more than 60GB of data.
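The gap described above, a dashboard that demands a login while the Elasticsearch REST API behind it answers anonymous calls, leaves traces in the proxy’s access logs. The script below is an added example, not code from the article or from Cybernews or Ecco. It assumes a reverse proxy that records whether each request carried an Authorization header (the trailing auth= field is a constructed log format, not a standard one) and runs over constructed sample lines, flagging successful unauthenticated calls to index-listing, search and index-deletion endpoints and rating each by source network and HTTP method.

```python
"""Detect unauthenticated Elasticsearch API hits in reverse-proxy access logs.

Added example (not from the article, Cybernews or Ecco). It assumes the proxy
in front of Kibana/Elasticsearch logs in combined format plus a trailing
"auth=yes|no" field saying whether an Authorization header was present; that
field and every log line below are constructed for illustration only.
"""
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for arbitrary internet clients.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2023:10:01:02 +0000] "GET /app/kibana HTTP/1.1" 401 0 auth=no
203.0.113.7 - - [12/Apr/2023:10:01:05 +0000] "GET /_cat/indices?v HTTP/1.1" 200 4821 auth=no
203.0.113.7 - - [12/Apr/2023:10:01:09 +0000] "GET /sales_org/_search?size=1000 HTTP/1.1" 200 913024 auth=no
10.0.0.5 - - [12/Apr/2023:10:02:00 +0000] "GET /_cluster/health HTTP/1.1" 200 389 auth=yes
127.0.0.1 - - [12/Apr/2023:10:02:03 +0000] "GET /_cat/indices HTTP/1.1" 200 4821 auth=no
198.51.100.9 - - [12/Apr/2023:10:03:11 +0000] "DELETE /market_specific_quality_dashboard HTTP/1.1" 200 21 auth=no
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<bytes>\d+) auth=(?P<auth>yes|no)$"
)

# "/<index>/_search", "/<index>/_doc/..." style paths, and a bare "/<index>".
INDEX_API_RE = re.compile(r"^/[^/_][^/]*/_")
INDEX_ROOT_RE = re.compile(r"^/[^/_][^/]*/?$")

# Sources treated as internal. Unauthenticated hits from here still show that
# cluster security is off, but they are not internet exposure.
INTERNAL_NETS = [ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def is_es_api(method, path):
    """True if the request targets the Elasticsearch REST API rather than the Kibana UI."""
    if path.startswith("/_"):                     # cluster-level endpoints (_cat, _cluster, ...)
        return True
    if INDEX_API_RE.match(path):                  # per-index endpoints (_search, _doc, ...)
        return True
    # PUT/DELETE on a bare index name creates or drops the whole index.
    return method in ("PUT", "DELETE") and INDEX_ROOT_RE.match(path) is not None


def is_mutating(method, path):
    """PUT and DELETE always change data; POST does unless it is a _search."""
    if method in ("PUT", "DELETE"):
        return True
    return method == "POST" and not path.endswith("/_search")


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def audit(log_text):
    """Return findings for successful, credential-less Elasticsearch API calls."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]        # drop the query string
        if not is_es_api(rec["method"], path):
            continue
        if rec["auth"] == "yes" or not rec["status"].startswith("2"):
            continue                               # credentials given, or request refused
        if is_internal(rec["ip"]):
            severity = "medium"
        else:
            severity = "critical" if is_mutating(rec["method"], path) else "high"
        findings.append({"ip": rec["ip"], "method": rec["method"],
                         "path": path, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['severity']:<8} {f['ip']:<15} {f['method']} {f['path']}")
```

Run as-is, the script reports four findings: two high-severity anonymous reads from the internet (the index listing and a bulk search of sales_org), one medium-severity anonymous read from loopback, and one critical anonymous DELETE of an index. A 401 on the Kibana path produces nothing, which is the point: the login prompt on the dashboard says nothing about whether the API behind it is protected. The fix is to enable Elasticsearch’s own authentication and to keep the cluster’s HTTP port reachable only through the authenticated proxy, never directly from the internet.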
The researchers said the data ranged from sales and marketing information to system and log data. An index called sales_org held more than 300,000 records, and one called market_specific_quality_dashboard held more than 820,000.
They explained that a threat actor could have put the database to many uses, including altering visible code, naming and URLs to launch phishing campaigns, committing identity theft, and tricking people into downloading malware and ransomware.
The database serves the global Ecco.com website rather than local Ecco outposts, so an experienced cybercriminal could have used the files to attack the company worldwide. Ecco stores, employees, clients and customers are all at risk.